CVE-2007-1473

Published: 16/03/2007 | Updated: 16/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework prior to 3.1.4 RC1, when the login page contains a language selection box, allows remote malicious users to inject arbitrary web script or HTML via the new_lang parameter to login.php.

Vulnerable Product

horde horde application framework 1.2.5

horde horde application framework 1.2.6

horde horde application framework 1.2.7

horde horde application framework 2.2.1

horde horde application framework 2.2.3

horde horde application framework 3.0.0

horde horde application framework 3.0.1

horde horde application framework 3.0.8

horde horde application framework 3.0.9

horde horde application framework 1.2.0

horde horde application framework 1.2.8

horde horde application framework 1.3.3

horde horde application framework 2.2.4

horde horde application framework 2.2.5

horde horde application framework 3.0.10

horde horde application framework 3.0.2

horde horde application framework 3.1.0

horde horde application framework 3.1.1

horde horde application framework 1.2.3

horde horde application framework 1.2.4

horde horde application framework 2.1

horde horde application framework 2.2

horde horde application framework 2.2.8

horde horde application framework 2.2.9

horde horde application framework 3.0.5

horde horde application framework 3.0.6

horde horde application framework 3.0.7

horde horde application framework 1.2.1

horde horde application framework 1.2.2

horde horde application framework 1.3.4

horde horde application framework 2.0

horde horde application framework 2.2.6

horde horde application framework 2.2.7

horde horde application framework 3.0.3

horde horde application framework 3.0.4

horde horde application framework 3.1.2

horde horde application framework 3.1.3

Vendor Advisories

Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-3548: Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross ...

Exploits

source: www.securityfocus.com/bid/22984/info. Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authenticatio ...