Horde Products Multiple Cross-Site Scripting Vulnerabilities


Description   Several cross-site scripting vulnerabilities have been identified in the Horde application.
- CVE-2015-8807: located in the '_renderVarInput_number()' function in 'framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php'
- CVE-2016-2228: located in 'horde/templates/topbar/_menubar.html.php' and exploitable through the 'searchfield' parameter

A remote attacker could exploit them by enticing a victim to follow a specially crafted URL in order to execute arbitrary JavaScript/HTML code.

The horde and pear-Horde_Core packages provided by FreeBSD are vulnerable.

The graphite2 packages provided by Debian Wheezy 7 and Jessie 8 are vulnerable.
     
Vulnerable Products   Vulnerable OS:
Fedora (Red Hat) - 22, 23
FreeBSD (FreeBSD) - All
GNU/Linux (Debian) - 8
Vulnerable Software:
Horde (Horde) - 1.0.3, 1.0.4, 1.0.5, 2.0, 2.0.6, ..., 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8
     
Solution   Fixed php-horde-core packages for Debian Jessie 8 are available (CVE-2015-8807).
     
CVE   CVE-2016-2228
CVE-2015-8807
     
References   - oss-sec : Horde: Two cross-site scripting vulnerabilities
http://seclists.org/oss-sec/2016/q1/292
- VuXML : horde -- XSS vulnerabilies
https://www.vuxml.org/freebsd/3aa8b781-d2c4-11e5-b2bd-002590263bf5.html
- Debian Security Tracker : php-horde
https://security-tracker.debian.org/tracker/CVE-2015-8807
https://security-tracker.debian.org/tracker/CVE-2016-2228
- FEDORA-2016-5d0e7f15ef : Fedora 23 Update: php-horde-horde-5.2.9-1.fc23
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html
- FEDORA-2016-3d1183830b : Fedora 22 Update: php-horde-horde-5.2.9-1.fc22
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html
- DSA 3497-1 : php-horde security update
https://lists.debian.org/debian-security-announce/2016/msg00067.html
- DSA 3496-1 : php-horde-core security update
https://lists.debian.org/debian-security-announce/2016/msg00066.html
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data | 5.0.0
XSS - Prevention - POST : javascript code found in data | 5.0.0
XSS - Prevention - POST : suspicious tag with event found in data | 5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data | 5.0.0
XSS - Prevention - POST : 'location' javascript object found in data | 5.0.0
XSS - Prevention - POST : code allowing cookie access found in data | 5.0.0
XSS - Prevention - POST : 'script' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data | 5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data | 5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-02-02

Target Type   Client

Possible exploit   Remote