Published: 13/12/2005 Updated: 13/09/2011

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework prior to 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.

Vulnerable Product	Search on Vulmon	Subscribe to Product
horde horde application framework 1.0.2_1
horde horde application framework 1.0.3_2
horde horde application framework 1.0.9
horde horde application framework 1.2.1
horde horde application framework 1.2.8
horde horde application framework 1.3.4
horde horde application framework 2.2.3
horde horde application framework 2.2.5
horde horde application framework 3.0.3
horde horde application framework 3.0.5
horde horde application framework 1.0.0
horde horde application framework 1.0.10
horde horde application framework 1.0.11
horde horde application framework 1.0.2
horde horde application framework 1.2.2
horde horde application framework 1.2.3
horde horde application framework 1.2.4
horde horde application framework 1.2.5
horde horde application framework 1.2.6
horde horde application framework 2.2.7
horde horde application framework 2.2.8
horde horde application framework 2.2.9
horde horde application framework 3.0.1
horde horde application framework 1.0.3_4
horde horde application framework 1.0.4
horde horde application framework 1.0.5
horde horde application framework 1.0.6
horde horde application framework 2.0
horde horde application framework 2.1
horde horde application framework 2.2
horde horde application framework 2.2.1
horde horde application framework 3.0.6
horde horde application framework 3.0.7
horde horde application framework 1.0.3
horde horde application framework 1.0.3_3
horde horde application framework 1.0.8
horde horde application framework 1.2.0
horde horde application framework 1.2.7
horde horde application framework 1.3.3
horde horde application framework 2.2.4
horde horde application framework 2.2.6
horde horde application framework 3.0.2
horde horde application framework 3.0.4

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4190 Several Cross-Site-Scripting vulnerabilities have been discovered in the "share edit wind ...

CWE-79 http://lists.horde.org/archives/announce/2005/000238.html http://www.sec-consult.com/245.html http://secunia.com/advisories/17970 http://www.securityfocus.com/bid/15802 http://www.securityfocus.com/bid/15808 http://www.securityfocus.com/bid/15803 http://www.securityfocus.com/bid/15804 http://www.securityfocus.com/bid/15806 http://www.securityfocus.com/bid/15810 http://www.debian.org/security/2006/dsa-1033 http://secunia.com/advisories/19619 http://www.novell.com/linux/security/advisories/2006_04_28.html http://secunia.com/advisories/19897 http://www.novell.com/linux/security/advisories/2006_16_sr.html http://secunia.com/advisories/20960 http://www.vupen.com/english/advisories/2005/2835 https://nvd.nist.gov https://www.debian.org/security/./dsa-1033

CVE-2005-4190

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect