CVE-2008-2783
Horde Multiple Product - 'day.php?Timestamp' Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en Horde Groupware, Groupware Webmail Edition y Kronolith, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro timestamp en (1) week.php, (2) workweek.php y (3) day.php; y (4) parámetro horde en PATH_INFO de la URI por defeceto. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-05-24 First Exploit
- 2008-06-19 CVE Reserved
- 2008-06-19 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42640 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31840 | 2008-05-24 | |
| https://www.exploit-db.com/exploits/31839 | 2008-05-24 | |
| https://www.exploit-db.com/exploits/31838 | 2008-05-24 | |
| http://www.securityfocus.com/bid/29365 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | * | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Webmail Edition Search vendor "Horde" for product "Groupware Webmail Edition" | * | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Kronolith Search vendor "Horde" for product "Kronolith" | * | - |
Affected
| ||||||