Published: 09/11/2010 Updated: 12/07/2011

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework prior to 3.3.9 allows remote malicious users to inject arbitrary web script or HTML via the subdir parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
horde horde application framework 1.0.3
horde horde application framework 1.1.1
horde horde application framework 2.0
horde horde application framework 2.1
horde horde application framework 2.2.6
horde horde application framework 2.2.7
horde horde application framework 3.0.3
horde horde application framework 3.0.9
horde horde application framework 3.1.3
horde horde application framework 3.1.4
horde horde application framework 3.2
horde horde application framework 3.2.1
horde horde application framework 3.3.5
horde horde application framework 3.3.6
horde horde application framework 3.1.8
horde horde application framework 3.0.5
horde horde application framework 3.0.8
horde horde application framework 1.3.2
horde horde application framework 1.3.5
horde horde application framework 2.2.4
horde horde application framework 2.2.5
horde horde application framework 3.0.1
horde horde application framework 3.0.2
horde horde application framework 3.1.1
horde horde application framework 3.1.2
horde horde application framework 3.3.3
horde horde application framework 3.3.4
horde horde application framework 3.2.2
horde horde application framework 3.0
horde horde application framework 3.0.6
horde horde application framework 3.1
horde horde application framework 3.0.4
horde horde application framework 1.3.3
horde horde application framework 1.3.4
horde horde application framework 2.2
horde horde application framework 2.2.1
horde horde application framework 2.2.8
horde horde application framework 2.2.9
horde horde application framework 3.0.10
horde horde application framework 3.0.11
horde horde application framework 3.1.5
horde horde application framework 3.1.6
horde horde application framework 3.2.3
horde horde application framework 3.2.4
horde horde application framework 3.3
horde horde application framework 3.3.7
horde horde application framework
horde horde application framework 1.3.0
horde horde application framework 1.3.1
horde horde application framework 2.2.3
horde horde application framework 2.2.2
horde horde application framework 3.0.12
horde horde application framework 3.1.7
horde horde application framework 3.1.9
horde horde application framework 3.3.1
horde horde application framework 3.3.2
horde horde application framework 3.2.5
horde horde application framework 3.0.7

It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery For the oldstable distribution (lenny), these problems have been fixed in version 322+debian0-2+lenny3 For the stable distribution (squeeze), these problems have been fixed in version 338+debian0-2, wh ...

source: wwwsecurityfocuscom/bid/43001/info Horde Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may hel ...

CWE-79 https://bugzilla.redhat.com/show_bug.cgi?id=630687 http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9 http://lists.horde.org/archives/announce/2010/000557.html http://seclists.org/fulldisclosure/2010/Sep/82 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html http://secunia.com/advisories/42140 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html https://nvd.nist.gov https://www.debian.org/security/./dsa-2278 https://www.exploit-db.com/exploits/34605/

CVE-2010-3077

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect