CVE-2005-4190
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
13/12/2005
Last modified:
13/09/2011
Description
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:horde:horde_application_framework:1.0.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.2_1:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.3_2:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.3_3:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.3_4:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.0.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:horde:horde_application_framework:1.2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.horde.org/archives/announce/2005/000238.html
- http://secunia.com/advisories/17970
- http://secunia.com/advisories/19619
- http://secunia.com/advisories/19897
- http://secunia.com/advisories/20960
- http://www.debian.org/security/2006/dsa-1033
- http://www.novell.com/linux/security/advisories/2006_04_28.html
- http://www.novell.com/linux/security/advisories/2006_16_sr.html
- http://www.sec-consult.com/245.html
- http://www.securityfocus.com/bid/15802
- http://www.securityfocus.com/bid/15803
- http://www.securityfocus.com/bid/15804
- http://www.securityfocus.com/bid/15806
- http://www.securityfocus.com/bid/15808
- http://www.securityfocus.com/bid/15810
- http://www.vupen.com/english/advisories/2005/2835