CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 2CVE-2009-2360 – Horde 3.1 - 'Passwd' Module Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2360
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Passwd anteriores a v3.1.1 de Horde, permite a los atacantes remotos inyectar código web o HTML a través del parametro backend • https://www.exploit-db.com/exploits/33065 http://bugs.horde.org/ticket/8398 http://lists.horde.org/archives/announce/2009/000507.html http://secunia.com/advisories/35720 http://secunia.com/advisories/35769 http://www.debian.org/security/2009/dsa-1829 http://www.securityfocus.com/bid/35573 http://www.vupen.com/english/advisories/2009/1784 https://exchange.xforce.ibmcloud.com/vulnerabilities/51542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2005-1313
https://notcve.org/view.php?id=CVE-2005-1313
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. • http://cvs.horde.org/diff.php/passwd/docs/CHANGES?r1=1.1.1.1.2.28&r2=1.1.1.1.2.33&ty=h http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002147.html http://secunia.com/advisories/15075 •