CVE-2006-4256
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
index.php en Horde Application Framework anerior a 3.1.2 permite a atacantes remotos incluir páginas web de otros sitios, lo que podría ser útil para ataques de phishing, mediante una URL en el parámetro url, también conocido como "referencia en sitios cruzados" (cross-site referencing). NOTA: algunas fuetnes se han referido a este problema como XSS, pero es diferente del clásico XSS.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-08-21 CVE Reserved
- 2006-08-21 CVE Published
- 2023-10-17 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://lists.horde.org/archives/announce/2006/000292.html | Mailing List | |
| http://secunia.com/advisories/27565 | Third Party Advisory | |
| http://securityreason.com/securityalert/1422 | Third Party Advisory | |
| http://securitytracker.com/id?1016713 | Vdb Entry | |
| http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/443360/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2006/3309 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28411 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/21500 | 2018-10-17 | |
| http://www.debian.org/security/2007/dsa-1406 | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0 Search vendor "Horde" for product "Application Framework" and version "3.0" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.1 Search vendor "Horde" for product "Application Framework" and version "3.0.1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.2 Search vendor "Horde" for product "Application Framework" and version "3.0.2" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.3 Search vendor "Horde" for product "Application Framework" and version "3.0.3" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.4 Search vendor "Horde" for product "Application Framework" and version "3.0.4" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.4_rc1 Search vendor "Horde" for product "Application Framework" and version "3.0.4_rc1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.4_rc2 Search vendor "Horde" for product "Application Framework" and version "3.0.4_rc2" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.6 Search vendor "Horde" for product "Application Framework" and version "3.0.6" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.7 Search vendor "Horde" for product "Application Framework" and version "3.0.7" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.8 Search vendor "Horde" for product "Application Framework" and version "3.0.8" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.0.9 Search vendor "Horde" for product "Application Framework" and version "3.0.9" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.1 Search vendor "Horde" for product "Application Framework" and version "3.1" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Application Framework Search vendor "Horde" for product "Application Framework" | 3.1.1 Search vendor "Horde" for product "Application Framework" and version "3.1.1" | - |
Affected
| ||||||