FreeBSD : horde-base -- XSS and CSRF vulnerabilities (8fc55043-cb1e-11df-9c1b-0011098ad87f)
Severity: High
Nessus Plugin ID: 49729
The remote FreeBSD host is missing a security-related update.
The Horde team reports:

Thanks to Naumann IT Security Consulting for reporting the XSS vulnerability. Thanks to Secunia for releasing an advisory for the new CSRF protection in the preference interface.

The major changes compared to Horde version 3.3.8 are:

* Fixed XSS vulnerability in util/icon_browser.php.
* Protected preference forms against CSRF attacks.