Page 3 of 12 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". • http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h http://lists.horde.org/archives/announce/2005/000231.html http://secunia.com/advisories/17468 http://secunia.com/advisories/17702 http://secunia.com/advisories/17794 http://www.debian.org/security/2005/dsa-914 http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml http://www.securityfocus.com/bid/15409 http://www.vupen.com/english/advisories/2005/2403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. • http://marc.info/?l=bugtraq&m=106081310531567&w=2 http://marc.info/?l=bugtraq&m=106252836330987&w=2 •