Page 2 of 9 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 4

CVE-2008-2783 – Horde Multiple Product - 'day.php?Timestamp' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-2783

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Horde Groupware, Groupware Webmail Edition y Kronolith, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro timestamp en (1) week.php, (2) workweek.php y (3) day.php; y (4) parámetro horde en PATH_INFO de la URI por defeceto. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • https://www.exploit-db.com/exploits/31840 https://www.exploit-db.com/exploits/31839 https://www.exploit-db.com/exploits/31838 http://www.securityfocus.com/bid/29365 https://exchange.xforce.ibmcloud.com/vulnerabilities/42640 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0

CVE-2006-6175

https://notcve.org/view.php?id=CVE-2006-6175

Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. Vulnerabilidad de escalado de directorio en lib/FBView.php del Horde Kronolith H3 en versiones anteriores a la 2.0.7 y en la 2.1.x anterior a la 2.1.4, permite a atacantes remotos ejecutar código y ficheros PHP de su elección mediante la secuencia .. (punto punto) en el parámetro view. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=445 http://marc.info/?l=horde-announce&m=116483107007152&w=2 http://marc.info/?l=horde-announce&m=116483121211579&w=2 http://secunia.com/advisories/23145 http://secunia.com/advisories/23780 http://security.gentoo.org/glsa/glsa-200701-11.xml http://securitytracker.com/id?1017316 http://www.securityfocus.com/bid/21341 http://www.vupen.com/english/advisories/2006/4775 •

CVSS: 3.5EPSS: 0%CPEs: 14EXPL: 0

CVE-2005-4189

https://notcve.org/view.php?id=CVE-2005-4189

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Kronolith H3 anteriores a 2.0.6 permite a usuarios remotos autenticados inyectar 'scritp' web o HTML de su elección mediante (1) el nombre del campo "Calendar" cuanto se crean calendarios, (2) el campo de título de evento cuando se borran eventos, (3) los campos de búsqueda "Category" y (4) "Location", y (5) los campos de dirección de correo electrónico de los asistentes cuando se edita asistentes al evento, y posiblemente otros vectores. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html http://lists.horde.org/archives/announce/2005/000234.html http://secunia.com/advisories/17971 http://secunia.com/advisories/18827 http://www.debian.org/security/2006/dsa-970 http://www.osvdb.org/21608 http://www.osvdb.org/21609 http://www.osvdb.org/21610 http://www.osvdb.org/21611 http://www.sec-consult.com/245.html http://www.securityfocus.com/bid/15808 http://www.vupen.com/english •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-1314

https://notcve.org/view.php?id=CVE-2005-1314

Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. • http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.69.2.39&r2=1.69.2.41&ty=h http://lists.horde.org/archives/kronolith/Week-of-Mon-20050418/005347.html http://secunia.com/advisories/15080 •