CVE-2010-3447

Exploit

EPSS 0.79%
Published 04.04.2011 12:27:36
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Horde ≫ Gollem Version <= 1.1.1

Horde ≫ Gollem Version1.0

Horde ≫ Gollem Version1.0 Updatealpha

Horde ≫ Gollem Version1.0 Updatebeta

Horde ≫ Gollem Version1.0 Updaterc1

Horde ≫ Gollem Version1.0 Updaterc2

Horde ≫ Gollem Version1.0.1

Horde ≫ Gollem Version1.0.1 Updaterc1

Horde ≫ Gollem Version1.0.2

Horde ≫ Gollem Version1.0.2 Updaterc1

Horde ≫ Gollem Version1.0.3

Horde ≫ Gollem Version1.0.4

Horde ≫ Gollem Version1.1

Horde ≫ Gollem Version1.1 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.79%	0.716

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://openwall.com/lists/oss-security/2010/09/30/7

Patch

Exploit

http://openwall.com/lists/oss-security/2010/09/30/8

Patch

http://bugs.horde.org/ticket/9191

Patch

Exploit

http://git.horde.org/diff.php/gollem/view.php?rt=horde&r1=1.51.2.6&r2=1.51.2.7&ty=u

Patch

http://git.horde.org/diff.php/gollem/view.php?rt=horde-git&r1=7f7a4300f16b429ed645bc3e2af2cedffc70ce3e&r2=025a1bfbe69622036f8e3a27a6edd39c02dcd4ea

Patch