CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0CVE-2008-6746
https://notcve.org/view.php?id=CVE-2008-6746
Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la visualización de un contacto en Turba Contact Manager H3 antes de 2.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el nombre del contacto. • http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h http://lists.horde.org/archives/announce/2008/000414.html http://secunia.com/advisories/30704 http://www.securityfocus.com/bid/29743 https://exchange.xforce.ibmcloud.com/vulnerabilities/43098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2005-1315
https://notcve.org/view.php?id=CVE-2005-1315
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. • http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.61.2.74&r2=1.61.2.77&ty=h http://lists.horde.org/archives/turba/Week-of-Mon-20050418/004182.html http://secunia.com/advisories/15074 •