CVE-2005-4190
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Application Framework anteriores a 3.0.8 permiten a usuarios remotos autenticados inyectar HTML o 'script' web de su elección mediante múltiples vectores, como se ha demostrado mediante (1) el campo identidad, (2) los campos de búsqueda "Category" y (3) "Label", (4) el campo "Mobile Phone", y (5) los campos "Date" y "Time" cuando se importa ficheros CSV, lo cual ha sido explotado mediante módulos como (a) Turba Address Book, (b) Kronolith, (c) Mnemo, y (d) Nag.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2005-12-13 CVE Reserved
- 2005-12-13 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
http://www.sec-consult.com/245.html | X_refsource_misc | |
http://www.securityfocus.com/bid/15802 | Vdb Entry | |
http://www.securityfocus.com/bid/15803 | Vdb Entry | |
http://www.securityfocus.com/bid/15804 | Vdb Entry | |
http://www.securityfocus.com/bid/15806 | Vdb Entry | |
http://www.securityfocus.com/bid/15808 | Vdb Entry | |
http://www.securityfocus.com/bid/15810 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.horde.org/archives/announce/2005/000238.html | 2011-09-13 | |
http://secunia.com/advisories/17970 | 2011-09-13 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/19619 | 2011-09-13 | |
http://secunia.com/advisories/19897 | 2011-09-13 | |
http://secunia.com/advisories/20960 | 2011-09-13 | |
http://www.debian.org/security/2006/dsa-1033 | 2011-09-13 | |
http://www.novell.com/linux/security/advisories/2006_04_28.html | 2011-09-13 | |
http://www.novell.com/linux/security/advisories/2006_16_sr.html | 2011-09-13 | |
http://www.vupen.com/english/advisories/2005/2835 | 2011-09-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.0 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.0" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.2 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.2" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.2_1 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.2_1" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3_2 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_2" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3_3 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_3" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.3_4 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.3_4" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.4 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.4" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.5 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.5" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.6 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.6" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.8 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.8" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.9 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.9" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.10 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.10" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.0.11 Search vendor "Horde" for product "Horde Application Framework" and version "1.0.11" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.0 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.0" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.1 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.1" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.2 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.2" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.3 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.3" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.4 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.4" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.5 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.5" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.6 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.6" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.7 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.7" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.2.8 Search vendor "Horde" for product "Horde Application Framework" and version "1.2.8" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.3.3 Search vendor "Horde" for product "Horde Application Framework" and version "1.3.3" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 1.3.4 Search vendor "Horde" for product "Horde Application Framework" and version "1.3.4" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.0 Search vendor "Horde" for product "Horde Application Framework" and version "2.0" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.1 Search vendor "Horde" for product "Horde Application Framework" and version "2.1" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2 Search vendor "Horde" for product "Horde Application Framework" and version "2.2" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.1 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.1" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.3 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.3" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.4 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.4" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.5 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.5" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.6 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.6" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.7 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.7" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.8 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.8" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 2.2.9 Search vendor "Horde" for product "Horde Application Framework" and version "2.2.9" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.1 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.1" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.2 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.2" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.3 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.3" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.4 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.4" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.5 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.5" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.6 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.6" | - |
Affected
| ||||||
Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | 3.0.7 Search vendor "Horde" for product "Horde Application Framework" and version "3.0.7" | - |
Affected
|