3.5
CVE-2005-4190
- EPSS 1.6%
- Veröffentlicht 13.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Horde ≫ Horde Application Framework Version1.0.0
Horde ≫ Horde Application Framework Version1.0.2
Horde ≫ Horde Application Framework Version1.0.2_1
Horde ≫ Horde Application Framework Version1.0.3
Horde ≫ Horde Application Framework Version1.0.3_2
Horde ≫ Horde Application Framework Version1.0.3_3
Horde ≫ Horde Application Framework Version1.0.3_4
Horde ≫ Horde Application Framework Version1.0.4
Horde ≫ Horde Application Framework Version1.0.5
Horde ≫ Horde Application Framework Version1.0.6
Horde ≫ Horde Application Framework Version1.0.8
Horde ≫ Horde Application Framework Version1.0.9
Horde ≫ Horde Application Framework Version1.0.10
Horde ≫ Horde Application Framework Version1.0.11
Horde ≫ Horde Application Framework Version1.2.0
Horde ≫ Horde Application Framework Version1.2.1
Horde ≫ Horde Application Framework Version1.2.2
Horde ≫ Horde Application Framework Version1.2.3
Horde ≫ Horde Application Framework Version1.2.4
Horde ≫ Horde Application Framework Version1.2.5
Horde ≫ Horde Application Framework Version1.2.6
Horde ≫ Horde Application Framework Version1.2.7
Horde ≫ Horde Application Framework Version1.2.8
Horde ≫ Horde Application Framework Version1.3.3
Horde ≫ Horde Application Framework Version1.3.4
Horde ≫ Horde Application Framework Version2.0
Horde ≫ Horde Application Framework Version2.1
Horde ≫ Horde Application Framework Version2.2
Horde ≫ Horde Application Framework Version2.2.1
Horde ≫ Horde Application Framework Version2.2.3
Horde ≫ Horde Application Framework Version2.2.4
Horde ≫ Horde Application Framework Version2.2.5
Horde ≫ Horde Application Framework Version2.2.6
Horde ≫ Horde Application Framework Version2.2.7
Horde ≫ Horde Application Framework Version2.2.8
Horde ≫ Horde Application Framework Version2.2.9
Horde ≫ Horde Application Framework Version3.0.1
Horde ≫ Horde Application Framework Version3.0.2
Horde ≫ Horde Application Framework Version3.0.3
Horde ≫ Horde Application Framework Version3.0.4
Horde ≫ Horde Application Framework Version3.0.5
Horde ≫ Horde Application Framework Version3.0.6
Horde ≫ Horde Application Framework Version3.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.6% | 0.726 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://secunia.com/advisories/20960
http://www.novell.com/linux/security/advisories/2006_16_sr.html
http://www.sec-consult.com/245.html
http://www.securityfocus.com/bid/15808
http://lists.horde.org/archives/announce/2005/000238.html
http://secunia.com/advisories/17970
http://secunia.com/advisories/19619
http://secunia.com/advisories/19897
http://www.debian.org/security/2006/dsa-1033
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.securityfocus.com/bid/15802
http://www.securityfocus.com/bid/15803
http://www.securityfocus.com/bid/15804
http://www.securityfocus.com/bid/15806
http://www.securityfocus.com/bid/15810
http://www.vupen.com/english/advisories/2005/2835