4.3

CVE-2010-3447

Exploit
Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HordeGollem Version <= 1.1.1
HordeGollem Version1.0
HordeGollem Version1.0 Updatealpha
HordeGollem Version1.0 Updatebeta
HordeGollem Version1.0 Updaterc1
HordeGollem Version1.0 Updaterc2
HordeGollem Version1.0.1
HordeGollem Version1.0.1 Updaterc1
HordeGollem Version1.0.2
HordeGollem Version1.0.2 Updaterc1
HordeGollem Version1.0.3
HordeGollem Version1.0.4
HordeGollem Version1.1
HordeGollem Version1.1 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.79% 0.755
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://openwall.com/lists/oss-security/2010/09/30/7
Patch
Exploit
http://openwall.com/lists/oss-security/2010/09/30/8
Patch
http://bugs.horde.org/ticket/9191
Patch
Exploit
http://git.horde.org/diff.php/gollem/view.php?rt=horde&r1=1.51.2.6&r2=1.51.2.7&ty=u
Patch
http://git.horde.org/diff.php/gollem/view.php?rt=horde-git&r1=7f7a4300f16b429ed645bc3e2af2cedffc70ce3e&r2=025a1bfbe69622036f8e3a27a6edd39c02dcd4ea
Patch
http://lists.horde.org/archives/announce/2010/000565.html
Patch
http://lists.horde.org/archives/commits/2010-August/004747.html
Patch
http://openwall.com/lists/oss-security/2010/09/29/11
Patch
Exploit
http://openwall.com/lists/oss-security/2010/09/30/5
Patch
Exploit
http://secunia.com/advisories/41624
Vendor Advisory
http://www.osvdb.org/68262
http://www.vupen.com/english/advisories/2010/2523
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62091