Debian Security Advisory 1829-1 – It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/79106/dsa-1829-1.txt
Source: https://packetstormsecurity.com/files/79106/Debian-Linux-Security-Advisory-1829-1.html