CVE-2005-4190
Severity Score
3.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework anteriores a 3.0.8 permiten a usuarios remotos autenticados inyectar HTML o 'script' web de su elección mediante múltiples vectores, como se ha demostrado mediante (1) el campo identidad, (2) los campos de búsqueda "Category" y (3) "Label", (4) el campo "Mobile Phone", y (5) los campos "Date" y "Time" cuando se importa ficheros CSV, lo cual ha sido explotado mediante módulos como (a) Turba Address Book, (b) Kronolith, (c) Mnemo, y (d) Nag.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2005-12-13 CVE Reserved
- 2005-12-13 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://www.sec-consult.com/245.html | X_refsource_misc | |
| http://www.securityfocus.com/bid/15802 | Vdb Entry | |
| http://www.securityfocus.com/bid/15803 | Vdb Entry | |
| http://www.securityfocus.com/bid/15804 | Vdb Entry | |
| http://www.securityfocus.com/bid/15806 | Vdb Entry | |
| http://www.securityfocus.com/bid/15808 | Vdb Entry | |
| http://www.securityfocus.com/bid/15810 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.horde.org/archives/announce/2005/000238.html | 2011-09-13 | |
| http://secunia.com/advisories/17970 | 2011-09-13 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/19619 | 2011-09-13 | |
| http://secunia.com/advisories/19897 | 2011-09-13 | |
| http://secunia.com/advisories/20960 | 2011-09-13 | |
| http://www.debian.org/security/2006/dsa-1033 | 2011-09-13 | |
| http://www.novell.com/linux/security/advisories/2006_04_28.html | 2011-09-13 | |
| http://www.novell.com/linux/security/advisories/2006_16_sr.html | 2011-09-13 | |
| http://www.vupen.com/english/advisories/2005/2835 | 2011-09-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.0 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.0" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.2 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.2" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.2_1 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.2_1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3_2 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_2" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3_3 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_3" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3_4 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_4" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.4 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.4" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.5 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.5" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.6 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.6" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.8 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.8" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.9 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.9" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.10 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.10" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.11 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.11" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.0 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.0" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.1 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.2 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.2" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.3 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.3" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.4 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.4" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.5 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.5" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.6 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.6" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.7 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.7" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.8 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.8" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.3.3 Search vendor "Horde" for product "Horde Application Framework" and version "1.3.3" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.3.4 Search vendor "Horde" for product "Horde Application Framework" and version "1.3.4" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.0 Search vendor "Horde" for product "Horde Application Framework" and version "2.0" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.1 Search vendor "Horde" for product "Horde Application Framework" and version "2.1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2 Search vendor "Horde" for product "Horde Application Framework" and version "2.2" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.1 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.3 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.3" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.4 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.4" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.5 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.5" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.6 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.6" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.7 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.7" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.8 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.8" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.9 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.9" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.1 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.2 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.2" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.3 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.3" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.4 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.4" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.5 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.5" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.6 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.6" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.7 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.7" | - |
Affected
| ||||||