Page 2 of 10 results (0.003 seconds)

CVSS: 4.3EPSS: 1%CPEs: 13EXPL: 2

CVE-2006-3548

https://notcve.org/view.php?id=CVE-2006-3548

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Horde Application Framework 3.0.0 hasta la 3.0.10 y 3.1.0 hasta la 3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de uan (1) URI javascript o una URI externa (2) http, (3) https, o (4) ftp en el parámetro url en services/go.php (también conocido como dereferrer), (5) una URI javascript en el parámetro module en services/help (también conocido como el visualizador de la ayuda), y (6) el parámetro name en services/problem.php (también conocido como el problema de la pantalla de presentación de informes. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html http://lists.horde.org/archives/announce/2006/000287.html http://lists.horde.org/archives/announce/2006/000288.html http://moritz-naumann.com/adv/0011/hordemulti/0011.txt http://secunia.com/advisories/20954 http://secunia.com/advisories/21459 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/1229 http://securitytracker.com/id?1016442 http://www.debian.org/security/2007/dsa-1406 http •

CVSS: 6.8EPSS: 3%CPEs: 11EXPL: 0

CVE-2006-2195

https://notcve.org/view.php?id=CVE-2006-2195

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en horde 3 (horde3) anterior a v3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) templates/problem/problem.inc y (2) test.php. • http://bugs.gentoo.org/show_bug.cgi?id=136830 http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146 http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt http://secunia.com/advisories/20661 http://secunia.com/advisories/20672 http://secunia.com/advisories/20750 http://secunia.com/advisories/20849 htt •

CVSS: 5.0EPSS: 10%CPEs: 33EXPL: 3

CVE-2006-1260 – Horde Web-Mail 3.x - 'go.php' Remote File Disclosure

https://notcve.org/view.php?id=CVE-2006-1260

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. • https://www.exploit-db.com/exploits/4850 http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html http://secunia.com/advisories/19246 http://secunia.com/advisories/19528 http://secunia.com/advisories/19619 http://secunia.com/advisories/19692 http://secunia.com/advisories/19897 http://securityreason.com/securityalert/590 http://securitytracker.com/id?1015771 http://www.debian.org/security/2006/dsa-1033 http://www.debian.org/security/2006/dsa-1034 http:/&#x •

CVSS: 5.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2005-3759

https://notcve.org/view.php?id=CVE-2005-3759

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. • http://lists.horde.org/archives/announce/2005/000232.html http://secunia.com/advisories/17599 http://secunia.com/advisories/17703 http://www.debian.org/security/2005/dsa-909 http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml http://www.securityfocus.com/archive/1/417436/30/0/threaded http://www.securityfocus.com/bid/15535 http://www.vupen.com/english/advisories/2005/2536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2005-0378

https://notcve.org/view.php?id=CVE-2005-0378

Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. • http://marc.info/?l=bugtraq&m=110564059322774&w=2 http://securitytracker.com/id?1012892 http://www.hyperdose.com/advisories/H2005-01.txt http://www.securityfocus.com/bid/12255 https://exchange.xforce.ibmcloud.com/vulnerabilities/18881 •