CVE-2009-2360 – Horde 3.1 - 'Passwd' Module Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2360
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.
• https://www.exploit-db.com/exploits/33065
• http://bugs.horde.org/ticket/8398
• http://lists.horde.org/archives/announce/2009/000507.html
• http://secunia.com/advisories/35720
• http://secunia.com/advisories/35769
• http://www.debian.org/security/2009/dsa-1829
• http://www.securityfocus.com/bid/35573
• http://www.vupen.com/english/advisories/2009/1784
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51542
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6746
https://notcve.org/view.php?id=CVE-2008-6746
Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.
• http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h
• http://lists.horde.org/archives/announce/2008/000414.html
• http://secunia.com/advisories/30704
• http://www.securityfocus.com/bid/29743
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43098
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-5917
https://notcve.org/view.php?id=CVE-2008-5917
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
• http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18
• http://lists.horde.org/archives/announce/2008/000462.html
• http://lists.horde.org/archives/announce/2008/000464.html
• http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
• http://secunia.com/advisories/34418
• http://secunia.com/advisories/34609
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4182
https://notcve.org/view.php?id=CVE-2008-4182
Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.
• http://lists.horde.org/archives/announce/2008/000465.html
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
• http://packetstormsecurity.org/0809-exploits/turba-xss.txt
• http://secunia.com/advisories/34703
• http://www.debian.org/security/2009/dsa-1770
• http://www.securityfocus.com/bid/31168
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45131
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-3824 – Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3824
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
• https://www.exploit-db.com/exploits/32353
• http://blog.liip.ch/missed-case-in-externalinput-php-resulting-in-viable-xss-attacks.html
• http://marc.info/?l=horde-announce&m=122103888111491&w=2
• http://marc.info/?l=horde-announce&m=122104360019867&w=2
• http://ocert.org/patches/2008-012/Text_Filter.31.patch
• http://ocert.org/patches/2008-012/Text_Filter.patch
• http://osvdb.org/47996
• http://secunia.com/advisories/31842
• http://securityreason.com/securityalert/4245
• http://www.
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')