January 6, 2010

Debian Security Advisory 1966 horde3 - insufficient input sanitising

It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file...

Read More