January 6, 2010

Debian Security Advisory 1966 horde3 - insufficient input sanitising

It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file...

Read More 

Click Here!