12 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la secuencia de comandos de búsqueda de nube de etiquetas (horde/services/portal/cloud_search.php) en Horde anterior a v3.2.4 y v3.3.3, y Horde Groupware anterior a v1.1.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 http://lists.horde.org/archives/announce/2009/000482.html http://lists.horde.org/archives/announce/2009/000483.html http://lists.horde.org/archives/announce/2009/000486.html http://secunia.com/advisories/33695 http://www.securityfocus.com/bid/33491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en horde/imp/search.php en Horde IMP H3 anterior a 4.1.3 permite a atacanets remotos incluir secuencias de comandos web o HTML de su elección a través de múltiples vectores no especificados relacionados con nombres de carpetas, como se ha inyectado en el campo de formulario vfolder_label en la pantalla de búsqueda IMP. • http://lists.horde.org/archives/announce/2006/000294.html http://secunia.com/advisories/21533 http://securityreason.com/securityalert/1423 http://securitytracker.com/id?1016713 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457 http://www.securityfocus.com/archive/1/443361/100/0/threaded http://www.securityfocus.com/bid/19544 http://www.vupen.com/english/advisories/2006/3316 https://exchange.xforce.ibmcloud.com/vulnerabilities/28409 •

CVSS: 4.3EPSS: 1%CPEs: 13EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Horde Application Framework 3.0.0 hasta la 3.0.10 y 3.1.0 hasta la 3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de uan (1) URI javascript o una URI externa (2) http, (3) https, o (4) ftp en el parámetro url en services/go.php (también conocido como dereferrer), (5) una URI javascript en el parámetro module en services/help (también conocido como el visualizador de la ayuda), y (6) el parámetro name en services/problem.php (también conocido como el problema de la pantalla de presentación de informes. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html http://lists.horde.org/archives/announce/2006/000287.html http://lists.horde.org/archives/announce/2006/000288.html http://moritz-naumann.com/adv/0011/hordemulti/0011.txt http://secunia.com/advisories/20954 http://secunia.com/advisories/21459 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/1229 http://securitytracker.com/id?1016442 http://www.debian.org/security/2007/dsa-1406 http •

CVSS: 6.8EPSS: 3%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en horde 3 (horde3) anterior a v3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) templates/problem/problem.inc y (2) test.php. • http://bugs.gentoo.org/show_bug.cgi?id=136830 http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146 http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt http://secunia.com/advisories/20661 http://secunia.com/advisories/20672 http://secunia.com/advisories/20750 http://secunia.com/advisories/20849 htt •

CVSS: 5.0EPSS: 10%CPEs: 33EXPL: 3

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. • https://www.exploit-db.com/exploits/4850 http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html http://secunia.com/advisories/19246 http://secunia.com/advisories/19528 http://secunia.com/advisories/19619 http://secunia.com/advisories/19692 http://secunia.com/advisories/19897 http://securityreason.com/securityalert/590 http://securitytracker.com/id?1015771 http://www.debian.org/security/2006/dsa-1033 http://www.debian.org/security/2006/dsa-1034 http:/&#x •