Page 4 of 18 results (0.008 seconds)

CVSS: 3.5EPSS: 0%CPEs: 43EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework anteriores a 3.0.8 permiten a usuarios remotos autenticados inyectar HTML o 'script' web de su elección mediante múltiples vectores, como se ha demostrado mediante (1) el campo identidad, (2) los campos de búsqueda "Category" y (3) "Label", (4) el campo "Mobile Phone", y (5) los campos "Date" y "Time" cuando se importa ficheros CSV, lo cual ha sido explotado mediante módulos como (a) Turba Address Book, (b) Kronolith, (c) Mnemo, y (d) Nag. • http://lists.horde.org/archives/announce/2005/000238.html http://secunia.com/advisories/17970 http://secunia.com/advisories/19619 http://secunia.com/advisories/19897 http://secunia.com/advisories/20960 http://www.debian.org/security/2006/dsa-1033 http://www.novell.com/linux/security/advisories/2006_04_28.html http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.sec-consult.com/245.html http://www.securityfocus.com/bid/15802 http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. • http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h http://lists.horde.org/archives/announce/2005/000176.html http://secunia.com/advisories/14730 http://www.novell.com/linux/security/advisories/2005_16_sr.html •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. • http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u http://lists.horde.org/archives/announce/2004/000107.html http://secunia.com/advisories/12992 http://securitytracker.com/id?1011959 http://www.osvdb.org/11164 http://www.securityfocus.com/bid/11546 https://exchange.xforce.ibmcloud.com/vulnerabilities/17881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •