Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 up to and including 3.0.10 and 3.1.0 up to and including 3.1.1 allow remote malicious users to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
horde horde 3.0.2 |
||
horde horde 3.0.3 |
||
horde horde 3.0.9 |
||
horde horde 3.1 |
||
horde horde 3.0.4 |
||
horde horde 3.0.4_rc1 |
||
horde horde 3.1.1 |
||
horde horde 3.0.4_rc2 |
||
horde horde 3.0.6 |
||
horde horde 3.0 |
||
horde horde 3.0.1 |
||
horde horde 3.0.7 |
||
horde horde 3.0.8 |
Vulmon