Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework prior to 3.3.6, Horde Groupware prior to 1.2.5, and Horde Groupware Webmail Edition prior to 1.2.5 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
horde application framework 3.3.4 |
||
horde application framework 2.1 |
||
horde application framework 2.1.3 |
||
horde application framework 3.0.4 |
||
horde application framework 3.0 |
||
horde application framework 3.0.9 |
||
horde application framework 3.2.1 |
||
horde groupware 1.2.3 |
||
horde groupware |
||
horde groupware 1.0.1 |
||
horde groupware 1.2 |
||
horde groupware 1.1.5 |
||
horde application framework 2.2.4_rc1 |
||
horde application framework 2.2.5 |
||
horde application framework 2.2.3 |
||
horde application framework 3.0.1 |
||
horde application framework 2.2.6 |
||
horde application framework 2.0 |
||
horde application framework 3.0.2 |
||
horde application framework 3.0.3 |
||
horde application framework 3.1 |
||
horde application framework 3.1.1 |
||
horde application framework 3.0.8 |
||
horde application framework 3.3.2 |
||
horde application framework 3.3.1 |
||
horde groupware 1.1 |
||
horde groupware 1.0.2 |
||
horde groupware 1.2.2 |
||
horde groupware 1.1.4 |
||
horde application framework 3.0.6 |
||
horde application framework 3.0.7 |
||
horde application framework 3.2.3 |
||
horde application framework 3.3.3 |
||
horde groupware 1.0 |
||
horde groupware 1.0.5 |
||
horde groupware 1.0.4 |
||
horde groupware 1.1.1 |
||
horde groupware 1.2.1 |
||
horde application framework |
||
horde application framework 2.2.4 |
||
horde application framework 2.2 |
||
horde application framework 2.2.1 |
||
horde application framework 3.3 |
||
horde application framework 3.2.2 |
||
horde application framework 3.2.4 |
||
horde application framework 3.2 |
||
horde groupware 1.0.3 |
||
horde groupware 1.1.3 |
||
horde groupware 1.1.2 |
||
horde groupware 1.1.6 |
||
horde groupware 1.0.6 |
||
horde groupware 1.0.7 |
||
horde groupware 1.0.8 |
Vulmon