Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability

Bugtraq ID:	31107
Class:	Input Validation Error
CVE:	CVE-2008-3824
Remote:	Yes
Local:	No
Published:	Sep 10 2008 12:00AM
Updated:	Apr 13 2015 08:16PM
Credit:	Alexios Fakos
Vulnerable:	TPLN TPLN 2.9 RevokeBB RevokeBB 1.0 RC11 phpMyFAQ phpMyFAQ 2.5 -dev phpMyFAQ phpMyFAQ 2.0.7 Phour Phour r106 NoseRub NoseRub 0.5.2 NoseRub NoseRub 0.6 Mistralys SimpleSite 1.6.4 MAXdev MD-Pro 1.0.76 MAXdev MD-Pro 1.0.73 MAXdev MD-Pro 1.0.72 MAXdev MD-Pro 1.0821 MAXdev MD-Pro 1.081 Logicoder Logicoder r27 Horde Project Horde 3.2.1 Horde Project Horde 3.1.8 Horde Project Horde 3.1.7 Horde Project Horde 3.1.6 Horde Project Horde 3.1.5 Horde Project Horde 3.1.4 Horde Project Horde 3.1.3 Horde Project Horde 3.1.2 Horde Project Horde 3.1.1 Horde Project Horde 3.2 Horde Project Horde 3.1 Horde Project Groupware Webmail Edition 1.1.2 Horde Project Groupware Webmail Edition 1.1.1 Horde Project Groupware Webmail Edition 1.0.7 Horde Project Groupware Webmail Edition 1.0.6 Horde Project Groupware Webmail Edition 1.0.5 Horde Project Groupware Webmail Edition 1.0.4 Horde Project Groupware Webmail Edition 1.0.3 Horde Project Groupware Webmail Edition 1.0-RC2 Horde Project Groupware Webmail Edition 1.0 Horde Project Groupware 1.1.2 Horde Project Groupware 1.1.1 Horde Project Groupware 1.0.6 Horde Project Groupware 1.0.5 Horde Project Groupware 1.0.4 Horde Project Groupware 1.0.3 Horde Project Groupware 1.0.2 Horde Project Groupware 1.0-RC3 Horde Project Groupware 1.0 Flux CMS Popoon r22196 emuCMS emuCMS 0.3 emuCMS emuCMS 0.21 DeluxeBB DeluxeBB 1.0 5 DeluxeBB DeluxeBB 1.0 DeluxeBB DeluxeBB 1.2 DeluxeBB DeluxeBB 1.1 DeluxeBB DeluxeBB 1.09 DeluxeBB DeluxeBB 1.08 DeluxeBB DeluxeBB 1.07 DeluxeBB DeluxeBB 1.06 CakePHP CakePHP 1.2 7296 RC2 CakePHP CakePHP 1.1.8.3544 CakePHP CakePHP 1.1.7.3363 CakePHP CakePHP 1.1.6.3264 CakePHP CakePHP 1.1.5.3148
Not Vulnerable:	phpMyFAQ phpMyFAQ 2.0.8 Horde Project Horde 3.2.2 Horde Project Horde 3.1.9 Horde Project Groupware Webmail Edition 1.1.3 Horde Project Groupware Webmail Edition 1.0.8 Horde Project Groupware 1.1.3 Horde Project Groupware 1.0.7

Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability

Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Horde Framework 3.1.9 and 3.2.2.

Note that additional products that use the Horde Framework may also be vulnerable.

Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability

The following example is available:

• /data/vulnerabilities/exploits/31107.html

Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for more information.


Horde Project Horde 3.1

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Flux CMS Popoon r22196

• Flux CMS externalinput.php
  http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput. php

Horde Project Horde 3.2

• Horde Text_Filter.patch
  http://ocert.org/patches/2008-012/Text_Filter.patch

phpMyFAQ phpMyFAQ 2.0.7

• phpMyFAQ phpmyfaq-2.0.8.tar.gz
  http://www.phpmyfaq.de/getfaq.php?number=2.0.8&ext=.tar.gz

Horde Project Horde 3.1.1

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.1.2

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.1.3

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.1.4

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.1.5

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.1.6

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.1.7

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.1.8

• Horde Text_Filter.31.patch
  http://ocert.org/patches/2008-012/Text_Filter.31.patch

Horde Project Horde 3.2.1

• Horde Text_Filter.patch
  http://ocert.org/patches/2008-012/Text_Filter.patch

Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability

References:

• [announce] [SECURITY] Horde 3.2.2 (final) (Horde)
  
• [announce] [SECURITY] Horde Groupware Webmail Edition 1.1.3 (final) (Horde)
  
• [announce] Horde 3.1.9 (final) (Horde)
  
• [announce] Horde Groupware 1.0.7 (final) (Horde)
  
• [announce] Horde Groupware 1.1.3 (final) (Horde)
  
• [announce] Horde Groupware Webmail Edition 1.0.8 (final) (Horde)
  
• Missed case in externalinput.php resulting in viable XSS attacks - fix available (Christian Stocker)
  
• n runs-SA-2008 007 Cross-Site Scripting Filter Evasion in various frameworks (n.runs AG)
  
• Pandora Homepage (Pandora FMS Team)
  
• phpMyFAQ 2.x input sanitization errors (XSS) (phpMyFAQ)
  
• Popoon Homepage (Flux CMS)
  
• [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS) (Will Drewry )
  
• #2008-012 Horde, Popoon frameworks common input sanitization errors (XSS) (oCERT)