GLSA-200505-01 : Horde Framework: Multiple XSS vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200505-01
(Horde Framework: Multiple XSS vulnerabilities)

Cross-site scripting vulnerabilities have been discovered in
various modules of the Horde Framework.

Impact :

These vulnerabilities could be exploited by an attacker to execute
arbitrary HTML and script code in the context of the victim's browser.

Workaround :

There is no known workaround at this time.

See also :

http://marc.info/?l=horde-announce&r=1&b=200504&w=2
http://www.gentoo.org/security/en/glsa/glsa-200505-01.xml

Solution :

All Horde users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-2.2.8'

All Horde Vacation users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-vacation-2.2.2'

All Horde Turba users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-turba-1.2.5'

All Horde Passwd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-passwd-2.2.2'

All Horde Nag users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-nag-1.1.3'

All Horde Mnemo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-mnemo-1.1.4'

All Horde Kronolith users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-kronolith-1.1.4'

All Horde IMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-imp-3.2.8'

All Horde Accounts users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-accounts-2.1.2'

All Horde Forwards users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-forwards-2.2.2'

All Horde Chora users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/horde-chora-1.2.3'

Risk factor :

Low

Family: Gentoo Local Security Checks

Nessus Plugin ID: 18170 (gentoo_GLSA-200505-01.nasl)

Bugtraq ID:

CVE ID: