// For flags

CVE-2005-4190

 

Severity Score

3.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.

Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework anteriores a 3.0.8 permiten a usuarios remotos autenticados inyectar HTML o 'script' web de su elección mediante múltiples vectores, como se ha demostrado mediante (1) el campo identidad, (2) los campos de búsqueda "Category" y (3) "Label", (4) el campo "Mobile Phone", y (5) los campos "Date" y "Time" cuando se importa ficheros CSV, lo cual ha sido explotado mediante módulos como (a) Turba Address Book, (b) Kronolith, (c) Mnemo, y (d) Nag.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-12-13 CVE Reserved
  • 2005-12-13 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.0
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.0"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.2
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.2"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.2_1
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.2_1"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.3
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.3_2
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_2"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.3_3
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_3"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.3_4
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_4"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.4
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.4"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.5
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.5"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.6
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.6"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.8
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.8"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.9
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.9"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.10
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.10"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.0.11
Search vendor "Horde" for product "Horde Application Framework" and version "1.0.11"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.0
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.0"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.1
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.1"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.2
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.2"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.3
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.3"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.4
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.4"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.5
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.5"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.6
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.6"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.7
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.7"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.2.8
Search vendor "Horde" for product "Horde Application Framework" and version "1.2.8"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.3.3
Search vendor "Horde" for product "Horde Application Framework" and version "1.3.3"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
1.3.4
Search vendor "Horde" for product "Horde Application Framework" and version "1.3.4"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.0
Search vendor "Horde" for product "Horde Application Framework" and version "2.0"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.1
Search vendor "Horde" for product "Horde Application Framework" and version "2.1"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2
Search vendor "Horde" for product "Horde Application Framework" and version "2.2"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.1
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.1"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.3
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.3"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.4
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.4"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.5
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.5"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.6
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.6"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.7
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.7"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.8
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.8"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
2.2.9
Search vendor "Horde" for product "Horde Application Framework" and version "2.2.9"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
3.0.1
Search vendor "Horde" for product "Horde Application Framework" and version "3.0.1"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
3.0.2
Search vendor "Horde" for product "Horde Application Framework" and version "3.0.2"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
3.0.3
Search vendor "Horde" for product "Horde Application Framework" and version "3.0.3"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
3.0.4
Search vendor "Horde" for product "Horde Application Framework" and version "3.0.4"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
3.0.5
Search vendor "Horde" for product "Horde Application Framework" and version "3.0.5"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
3.0.6
Search vendor "Horde" for product "Horde Application Framework" and version "3.0.6"
-
Affected
Horde
Search vendor "Horde"
Horde Application Framework
Search vendor "Horde" for product "Horde Application Framework"
3.0.7
Search vendor "Horde" for product "Horde Application Framework" and version "3.0.7"
-
Affected