Cross-Site Scripting in php-horde-kronolith
ID: | FEDORA-2018-1c9f3f4d9e |
Distribution: | Fedora |
Plattformen: | Fedora 28 |
Datum: | Mo, 8. Oktober 2018, 08:18 |
Referenzen: | https://bugzilla.redhat.com/show_bug.cgi?id=14857 |
Applikationen: | Kronolith |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-1c9f3f4d9e 2018-10-07 22:15:04.448704 -------------------------------------------------------------------------------- Name : php-horde-kronolith Product : Fedora 28 Version : 4.2.25 Release : 1.fc28 URL : http://www.horde.org/apps/kronolith Summary : A web based calendar Description : Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management (iCalendar/iTip), free/busy management, resource management, alarms, recurring events, and a sophisticated day/week view which handles arbitrary numbers of overlapping events. -------------------------------------------------------------------------------- Update Information: **Kronolith 4.2.25** * [mjr] SECURITY: Fix XSS vulnerability in resource group property view (Bug #14857). * [mjr] SECURITY: Fix XSS vulnerability in event URL field (Bug #14857). -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 27 2018 Remi Collet |