A CSRF flaw and an XSS flaw were reported [1],[2] in the way Horde Groupware handled saving searches as a virtual address book. An attacker could launch a CSRF attack to have the victim save malicious code in the "save search" which would then make it vulnerable to an XSS attack. This has been fixed in git. [3]

[1] http://www.securityfocus.com/archive/1/529589
[2] http://bugs.horde.org/ticket/12803
[3] https://github.com/horde/horde/commit/74f9add4ad86c29b608270e33b17426163b3c8cf
Created horde tracking bugs for this issue:

Affects: fedora-all [bug 1026494]
Affects: epel-all [bug 1026496]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.