Horde Groupware 1.2.5 and application_framework 3.3.3 Multiple Vulns

CVE: CVE-2020-30883
Category: CWE-89
Price: Not specified
Severity: Critical
Author: Fabian Bräunlein
Risk: High
Exploitation Type: Remote
Date: 2009-12-29
CPE: cpe:cpe:/a:horde:groupware:1.2.5
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2009120156

Below is a copy:

The Horde Team is pleased to announce the final release of the Horde Groupware
version 1.2.5.

This is a bugfix release that also fixes an XSS vulnerability in the
administration interface and improves the XSS filter to work around an XSS
vulnerability in Firefox browsers.

Thanks to Juan Galiana Lara and Daniel Fernández Bleda from Internet Security
Auditors for finding the XSS vulnerability in the administration interface.

Horde Groupware is a free, enterprise ready, browser based collaboration
suite. Users can manage and share calendars, contacts, tasks and notes with
the standards compliant components from the Horde Project.

The major changes compared to the Horde Groupware version 1.2.4 are:
     * Fixed XSS vulnerability in administrator scripts.
     * Several synchronization improvements.
     * Improved Oracle and MSSQL compatibility.
     * Fixed access keys on Mac browsers.
     * Fixed "white screen" issue with Internet Explorer.
     * Added preference for the name format to use for sorting contacts.
     * Support X-ANNIVERSARY, X-CHILDREN, and X-SPOUSE vCard fields.
     * Correctly track contact deletions during synchronization.
     * Fixed edge cases of weekly recurring events.
     * Fixed editing URLs of remote calendars.
     * Some speed improvements in the calendar.
     * Fixed importing task due dates.
     * Added Croatian translation.
     * Many further bug fixes and feature enhancements.

The full list of changes (from version 1.2.4) can be viewed here:

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.38.2.7&r2=1.38.2.9&ty=h

The Horde Groupware 1.2.5 distribution is available from the following
locations:

     ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.5.tar.gz
     http://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.5.tar.gz

Patches against version 1.2.4 are available at:

     ftp://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.2.4-1.2.5.gz
     http://ftp.horde.org/pub/horde-groupware/patches/patch-horde-groupware-1.2.4-1.2.5.gz

Or, for quicker access, download from your nearest mirror:

     http://www.horde.org/mirrors.php

MD5 sums for the packages are as follows:

     f4953165d90a73135904531807895481  horde-groupware-1.2.5.tar.gz
     7c794a211c6261e6705bbad732fab2f7  patch-horde-groupware-1.2.4-1.2.5.gz

Have fun!

The Horde Team.

