Published: 22/11/2005 Updated: 19/10/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Horde prior to 3.0.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

Vulnerable Product	Search on Vulmon	Subscribe to Product
horde horde 1.2.4
horde horde 1.2.5
horde horde 2.2.1
horde horde 2.2.3
horde horde 2.2.9
horde horde 3.0
horde horde 3.0.6
horde horde 3.0.7
horde horde 1.2.2
horde horde 1.2.3
horde horde 2.1
horde horde 2.1.3
horde horde 2.2
horde horde 2.2.7
horde horde 2.2.8
horde horde 3.0.4_rc1
horde horde 3.0.4_rc2
horde horde 1.2.6
horde horde 1.2.7
horde horde 2.2.4
horde horde 2.2.4_rc1
horde horde 3.0.1
horde horde 3.0.2
horde horde 1.2
horde horde 1.2.1
horde horde 1.2.8
horde horde 2.0
horde horde 2.2.5
horde horde 2.2.6
horde horde 3.0.3
horde horde 3.0.4

Daniel Schreckling discovered that the MIME viewer in horde3, a web application suite, does not always sanitise its input leaving a possibility to force the return of malicious code that could be executed on the victims machine The old stable distribution (woody) does not contain horde3 packages For the stable distribution (sarge) these problems ...

CWE-79 http://lists.horde.org/archives/announce/2005/000232.html http://www.securityfocus.com/bid/15535 http://www.debian.org/security/2005/dsa-909 http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml http://secunia.com/advisories/17703 http://secunia.com/advisories/17599 http://www.vupen.com/english/advisories/2005/2536 http://www.securityfocus.com/archive/1/417436/30/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-909

CVE-2005-3759

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect