Page 2 of 8 results (0.003 seconds)

CVSS: 3.5EPSS: 0%CPEs: 43EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework anteriores a 3.0.8 permiten a usuarios remotos autenticados inyectar HTML o 'script' web de su elección mediante múltiples vectores, como se ha demostrado mediante (1) el campo identidad, (2) los campos de búsqueda "Category" y (3) "Label", (4) el campo "Mobile Phone", y (5) los campos "Date" y "Time" cuando se importa ficheros CSV, lo cual ha sido explotado mediante módulos como (a) Turba Address Book, (b) Kronolith, (c) Mnemo, y (d) Nag. • http://lists.horde.org/archives/announce/2005/000238.html http://secunia.com/advisories/17970 http://secunia.com/advisories/19619 http://secunia.com/advisories/19897 http://secunia.com/advisories/20960 http://www.debian.org/security/2006/dsa-1033 http://www.novell.com/linux/security/advisories/2006_04_28.html http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.sec-consult.com/245.html http://www.securityfocus.com/bid/15802 http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 31EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. • http://lists.horde.org/archives/announce/2005/000232.html http://secunia.com/advisories/17599 http://secunia.com/advisories/17703 http://www.debian.org/security/2005/dsa-909 http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml http://www.securityfocus.com/archive/1/417436/30/0/threaded http://www.securityfocus.com/bid/15535 http://www.vupen.com/english/advisories/2005/2536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. • http://marc.info/?l=bugtraq&m=106081310531567&w=2 http://marc.info/?l=bugtraq&m=106252836330987&w=2 •