CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 3CVE-2008-1974 – Horde Webmail 1.0.6 - 'addevent.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1974
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Vulnerabilidad de secuencias de órdenes en sitios cruzados (XSS) en addevent.php de Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, y Groupware 1.0.5 permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el parámetro "url". • https://www.exploit-db.com/exploits/31697 http://forum.aria-security.com/showthread.php?t=49 http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html http://osvdb.org/51238 http://secunia.com/advisories/29920 http://secunia.com/advisories/30649 http://securityreason.com/securityalert/3831 http://www.securityfocus.com/archive/1/491230/100/0/threaded http://www.securityfocus.com/bid/28898 http://www.securitytracker.com/id?1019934 http://www.vupen.com/eng • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1284
https://notcve.org/view.php?id=CVE-2008-1284
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. Vulnerabilidad de salto de directorio en Horde 3.1.6, Groupware anterior 1.0.5, y Groupware Webmail Edition anterior 1.0.6, cuando ejecuta ciertas configuraciones, pertmite a usuarios autenticados remotamente leer y ejecutar ficheros de su elección a través de secuencias ".." y de byte nulo en el mismo "theme name". • http://lists.horde.org/archives/announce/2008/000382.html http://lists.horde.org/archives/announce/2008/000383.html http://lists.horde.org/archives/announce/2008/000384.html http://secunia.com/advisories/29286 http://secunia.com/advisories/29374 http://secunia.com/advisories/29400 http://secunia.com/advisories/30047 http://security.gentoo.org/glsa/glsa-200805-01.xml http://securityreason.com/securityalert/3726 http://www.debian.org/security/2008/dsa-1519 http://www.securityf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •