Search criteria
24 vulnerabilities found for application_framework by horde
FKIE_CVE-2009-3701
Vulnerability from fkie_nvd - Published: 2009-12-21 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD5438E-7D99-4286-81F3-1A304E9A7BDA",
"versionEndIncluding": "3.3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3532FD-0E85-4EDC-A3A7-76F8BA915B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D39B3B91-16B9-4B5B-AB4E-9BA568CC1E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBE1BB3-EAB6-4388-95C2-0513B0D6A327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B402F70-BAAD-44D6-B414-F615F973DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F2DA0C-C8A3-429C-83C7-B2983D3FF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7535FE38-0FBD-48CC-9FDE-C7CA2C18CA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A14A770E-60BC-4698-8BFC-5FB745A52279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.4_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A0AA21-C88D-45C4-9D95-414B2278E601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE35AF8-CA38-42FB-BA32-057BCA2CA2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CA767-F49D-48E9-80CE-78B65DD14DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC8BBFC-263E-4735-847D-5544D18922E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB1F389-5D64-4B8C-B207-7D23F0C12DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8892DF-11F2-4991-97E8-D561DEAC4F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B46B6F5-055E-44EB-BB78-503811C0E57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66B197B0-F3B7-40D6-9872-C1A94622C242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2698E2D7-09BF-4490-B362-4245CD3087D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B40A46-117D-4D85-8CC8-27236A3280C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFBECFF-D1A4-465D-B59F-E70246DE4BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "57ABD1BD-6676-4B54-9F3E-FACF1346794F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79EC6167-5D16-4236-8EBC-412EE1784802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4F6A2A-05B6-42EA-8F61-D0AB610A6757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1F91CDA-B425-4DB2-89E4-12267B600D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8BB743-A760-4C72-880C-759E54FB7CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89477FCC-C925-418A-A3FF-F5B02736600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5862181-4CE7-452F-8877-41E099440188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E601FE-94F1-48AD-A0F2-42824A3A4FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE2B06C-EDBD-4FA1-90AA-148E39EF5AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CF33A8-C497-4C86-8C5D-7181597BEC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30B312DB-14BE-425C-9B07-0CBED6F39E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CF2865-CA12-4C4C-9BEC-7A97E6AAB377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF389AE4-D2AD-4992-BFBD-68FB1CBEE50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5611B7D8-8AEF-42A8-8132-39CE773A7C18",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71C2653B-7F0B-4628-9E77-44744BC05463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC241F01-B9DF-4D0E-BA3C-3523AEEB6BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B574D428-0A3A-47CA-A926-5C936F83919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D59C23FB-E223-4EED-8F69-3CC1EE7DF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "904EEFF0-CF66-43E6-BAA9-1A6FB4115CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AB0176-9CB3-4D49-B644-2C413C9B6E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A849DD3E-882A-4621-BB6C-315A76677BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5611B7D8-8AEF-42A8-8132-39CE773A7C18",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71C2653B-7F0B-4628-9E77-44744BC05463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E55009DF-EDF1-4FAE-88E7-1CF33BFFEBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "980162BB-48B3-4921-987A-6D18C62965A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC241F01-B9DF-4D0E-BA3C-3523AEEB6BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B574D428-0A3A-47CA-A926-5C936F83919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D59C23FB-E223-4EED-8F69-3CC1EE7DF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "904EEFF0-CF66-43E6-BAA9-1A6FB4115CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AB0176-9CB3-4D49-B644-2C413C9B6E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C95E9B57-2DB0-4692-A7D1-180EC3687D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7D8683-8DD4-4EB0-A28F-0C556304BB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68E5D5-7812-4FB2-ACF9-76180B038D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37B76B27-ADF0-4E88-B92C-304FB38A356E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "965F245A-879A-4DF0-ABC5-588E78C4CBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3DCB29F9-3875-4264-8117-5751FEDC3350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "59FC250F-EF0B-4604-99A2-3EEB8B2DEB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A849DD3E-882A-4621-BB6C-315A76677BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF1A6AE-0748-476B-ACE2-DA43A9443B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F577A169-8354-4218-B3C6-04DA4BDF1E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el interfaz de administraci\u00f3n en Horde Application Framework versiones anteriores a v3.3.6, Horde Groupware versiones anteriores a v1.2.5, y Horde Groupware Webmail Edition versiones anteriores a v1.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el PATH_INFO en (1) phpshell.php, (2) cmdshell.php, o (3) sqlshell.php en admin/, relacionado con la variable PHP_SELF."
}
],
"id": "CVE-2009-3701",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-21T16:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"source": "cve@mitre.org",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37709"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37823"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023365"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37351"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4363
Vulnerability from fkie_nvd - Published: 2009-12-21 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD5438E-7D99-4286-81F3-1A304E9A7BDA",
"versionEndIncluding": "3.3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3532FD-0E85-4EDC-A3A7-76F8BA915B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D39B3B91-16B9-4B5B-AB4E-9BA568CC1E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBE1BB3-EAB6-4388-95C2-0513B0D6A327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B402F70-BAAD-44D6-B414-F615F973DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F2DA0C-C8A3-429C-83C7-B2983D3FF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7535FE38-0FBD-48CC-9FDE-C7CA2C18CA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A14A770E-60BC-4698-8BFC-5FB745A52279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.4_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A0AA21-C88D-45C4-9D95-414B2278E601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE35AF8-CA38-42FB-BA32-057BCA2CA2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CA767-F49D-48E9-80CE-78B65DD14DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC8BBFC-263E-4735-847D-5544D18922E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB1F389-5D64-4B8C-B207-7D23F0C12DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8892DF-11F2-4991-97E8-D561DEAC4F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B46B6F5-055E-44EB-BB78-503811C0E57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66B197B0-F3B7-40D6-9872-C1A94622C242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2698E2D7-09BF-4490-B362-4245CD3087D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B40A46-117D-4D85-8CC8-27236A3280C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFBECFF-D1A4-465D-B59F-E70246DE4BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "57ABD1BD-6676-4B54-9F3E-FACF1346794F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79EC6167-5D16-4236-8EBC-412EE1784802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4F6A2A-05B6-42EA-8F61-D0AB610A6757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1F91CDA-B425-4DB2-89E4-12267B600D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8BB743-A760-4C72-880C-759E54FB7CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89477FCC-C925-418A-A3FF-F5B02736600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5862181-4CE7-452F-8877-41E099440188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E601FE-94F1-48AD-A0F2-42824A3A4FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE2B06C-EDBD-4FA1-90AA-148E39EF5AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CF33A8-C497-4C86-8C5D-7181597BEC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30B312DB-14BE-425C-9B07-0CBED6F39E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CF2865-CA12-4C4C-9BEC-7A97E6AAB377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF389AE4-D2AD-4992-BFBD-68FB1CBEE50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5611B7D8-8AEF-42A8-8132-39CE773A7C18",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71C2653B-7F0B-4628-9E77-44744BC05463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC241F01-B9DF-4D0E-BA3C-3523AEEB6BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B574D428-0A3A-47CA-A926-5C936F83919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D59C23FB-E223-4EED-8F69-3CC1EE7DF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "904EEFF0-CF66-43E6-BAA9-1A6FB4115CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AB0176-9CB3-4D49-B644-2C413C9B6E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A849DD3E-882A-4621-BB6C-315A76677BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5611B7D8-8AEF-42A8-8132-39CE773A7C18",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71C2653B-7F0B-4628-9E77-44744BC05463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E55009DF-EDF1-4FAE-88E7-1CF33BFFEBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "980162BB-48B3-4921-987A-6D18C62965A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC241F01-B9DF-4D0E-BA3C-3523AEEB6BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B574D428-0A3A-47CA-A926-5C936F83919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D59C23FB-E223-4EED-8F69-3CC1EE7DF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "904EEFF0-CF66-43E6-BAA9-1A6FB4115CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AB0176-9CB3-4D49-B644-2C413C9B6E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C95E9B57-2DB0-4692-A7D1-180EC3687D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7D8683-8DD4-4EB0-A28F-0C556304BB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9F68E5D5-7812-4FB2-ACF9-76180B038D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37B76B27-ADF0-4E88-B92C-304FB38A356E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "965F245A-879A-4DF0-ABC5-588E78C4CBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3DCB29F9-3875-4264-8117-5751FEDC3350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "59FC250F-EF0B-4604-99A2-3EEB8B2DEB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A849DD3E-882A-4621-BB6C-315A76677BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF1A6AE-0748-476B-ACE2-DA43A9443B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F577A169-8354-4218-B3C6-04DA4BDF1E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by \"an XSS vulnerability in Firefox browsers.\""
},
{
"lang": "es",
"value": "Text_Filter/lib/Horde/Text/Filter/Xss.php en Horde Application Framework versiones anteriores a v3.3.6, Horde Groupware versiones anteriores a v1.2.5, y Horde Groupware Webmail Edition versiones anteriores a v1.2.5 no maneja adecuadamente data: URIs, permitiendo a atacantes remotos dirigir ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores data:text/html para el atributo HREF de un elemento A en un mensaje HTML de correo electr\u00f3nico. NOTA: el proveedor mantiene que el incidente est\u00e1 causado por \"una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el navegador Firefox\"."
}
],
"id": "CVE-2009-4363",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-21T16:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.horde.org/ticket/8715"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"source": "cve@mitre.org",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.horde.org/ticket/8715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023365"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-3236
Vulnerability from fkie_nvd - Published: 2009-09-17 10:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | application_framework | 3.2 | |
| horde | application_framework | 3.2.1 | |
| horde | application_framework | 3.2.2 | |
| horde | application_framework | 3.2.3 | |
| horde | application_framework | 3.2.4 | |
| horde | application_framework | 3.3 | |
| horde | application_framework | 3.3.1 | |
| horde | application_framework | 3.3.2 | |
| horde | application_framework | 3.3.3 | |
| horde | application_framework | 3.3.4 | |
| horde | groupware | 1.1 | |
| horde | groupware | 1.1.1 | |
| horde | groupware | 1.1.2 | |
| horde | groupware | 1.1.3 | |
| horde | groupware | 1.1.4 | |
| horde | groupware | 1.1.5 | |
| horde | groupware | 1.2 | |
| horde | groupware | 1.2 | |
| horde | groupware | 1.2.1 | |
| horde | groupware | 1.2.2 | |
| horde | groupware | 1.2.3 | |
| horde | groupware | 1.1 | |
| horde | groupware | 1.1 | |
| horde | groupware | 1.1 | |
| horde | groupware | 1.1 | |
| horde | groupware | 1.1 | |
| horde | groupware | 1.1.1 | |
| horde | groupware | 1.1.2 | |
| horde | groupware | 1.1.3 | |
| horde | groupware | 1.1.4 | |
| horde | groupware | 1.1.5 | |
| horde | groupware | 1.2 | |
| horde | groupware | 1.2 | |
| horde | groupware | 1.2.1 | |
| horde | groupware | 1.2.2 | |
| horde | groupware | 1.2.3 | |
| horde | groupware | 1.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1F91CDA-B425-4DB2-89E4-12267B600D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8BB743-A760-4C72-880C-759E54FB7CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89477FCC-C925-418A-A3FF-F5B02736600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5862181-4CE7-452F-8877-41E099440188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E601FE-94F1-48AD-A0F2-42824A3A4FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE2B06C-EDBD-4FA1-90AA-148E39EF5AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CF33A8-C497-4C86-8C5D-7181597BEC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30B312DB-14BE-425C-9B07-0CBED6F39E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CF2865-CA12-4C4C-9BEC-7A97E6AAB377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF389AE4-D2AD-4992-BFBD-68FB1CBEE50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A849DD3E-882A-4621-BB6C-315A76677BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "37B76B27-ADF0-4E88-B92C-304FB38A356E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "965F245A-879A-4DF0-ABC5-588E78C4CBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3DCB29F9-3875-4264-8117-5751FEDC3350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "59FC250F-EF0B-4604-99A2-3EEB8B2DEB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A849DD3E-882A-4621-BB6C-315A76677BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F577A169-8354-4218-B3C6-04DA4BDF1E3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements."
},
{
"lang": "es",
"value": "La biblioteca de formularios en Horde Application Framework versi\u00f3n 3.2 anterior a 3.2.5 y versi\u00f3n 3.3 anterior a 3.3.5; Groupware versi\u00f3n 1.1 anterior a 1.1.6 y versi\u00f3n 1.2 anterior a 1.2.4; y Groupware Webmail Edition versi\u00f3n 1.1 anterior a 1.1.6 y versi\u00f3n 1.2 anterior a 1.2.4; reutiliza los nombres de archivo temporales durante el proceso de carga, lo que permite a los atacantes remotos, con privilegios para escribir en la libreta de direcciones, sobrescribir archivos arbitrarios y ejecutar c\u00f3digo PHP por medio de elementos de campo de formulario Horde_Form_Type_image creados."
}
],
"id": "CVE-2009-3236",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-17T10:30:01.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36665"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36882"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/58107"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/58107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5917
Vulnerability from fkie_nvd - Published: 2009-01-21 02:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | application_framework | 3.2.2 | |
| horde | application_framework | 3.3 | |
| microsoft | internet_explorer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89477FCC-C925-418A-A3FF-F5B02736600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE2B06C-EDBD-4FA1-90AA-148E39EF5AE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el filtro XSS(framework/Text_Filter/Filter/xss.php) en Horde Application Framework v3.2.2 y v3.3, cunado Internet Explorer est\u00e1 siendo utilizado, permite a atacantes remotos inyectar secuencias de comando web o HTML a trav\u00e9s de vectores desconocidos relacionados con atributos \"style\"."
}
],
"id": "CVE-2008-5917",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-21T02:30:00.233",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2008/000462.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2008/000464.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34418"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2008/000462.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.horde.org/archives/announce/2008/000464.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34609"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4256
Vulnerability from fkie_nvd - Published: 2006-08-21 20:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | application_framework | 3.0 | |
| horde | application_framework | 3.0.1 | |
| horde | application_framework | 3.0.2 | |
| horde | application_framework | 3.0.3 | |
| horde | application_framework | 3.0.4 | |
| horde | application_framework | 3.0.4_rc1 | |
| horde | application_framework | 3.0.4_rc2 | |
| horde | application_framework | 3.0.6 | |
| horde | application_framework | 3.0.7 | |
| horde | application_framework | 3.0.8 | |
| horde | application_framework | 3.0.9 | |
| horde | application_framework | 3.1 | |
| horde | application_framework | 3.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC8BBFC-263E-4735-847D-5544D18922E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB1F389-5D64-4B8C-B207-7D23F0C12DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8892DF-11F2-4991-97E8-D561DEAC4F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B46B6F5-055E-44EB-BB78-503811C0E57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66B197B0-F3B7-40D6-9872-C1A94622C242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAAF02-1B61-421A-887C-107B7234262B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "01557585-CE92-49FB-B9BB-AAAE7D355BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2698E2D7-09BF-4490-B362-4245CD3087D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B40A46-117D-4D85-8CC8-27236A3280C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFBECFF-D1A4-465D-B59F-E70246DE4BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "57ABD1BD-6676-4B54-9F3E-FACF1346794F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79EC6167-5D16-4236-8EBC-412EE1784802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4F6A2A-05B6-42EA-8F61-D0AB610A6757",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
},
{
"lang": "es",
"value": "index.php en Horde Application Framework anerior a 3.1.2 permite a atacantes remotos incluir p\u00e1ginas web de otros sitios, lo que podr\u00eda ser \u00fatil para ataques de phishing, mediante una URL en el par\u00e1metro url, tambi\u00e9n conocido como \"referencia en sitios cruzados\" (cross-site referencing). NOTA: algunas fuetnes se han referido a este problema como XSS, pero es diferente del cl\u00e1sico XSS."
}
],
"id": "CVE-2006-4256",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-21T20:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21500"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1422"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016713"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "cve@mitre.org",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1491
Vulnerability from fkie_nvd - Published: 2006-03-29 22:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | application_framework | 3.0 | |
| horde | application_framework | 3.0.1 | |
| horde | application_framework | 3.0.2 | |
| horde | application_framework | 3.0.3 | |
| horde | application_framework | 3.0.4 | |
| horde | application_framework | 3.0.4_rc1 | |
| horde | application_framework | 3.0.4_rc2 | |
| horde | application_framework | 3.0.6 | |
| horde | application_framework | 3.0.7 | |
| horde | application_framework | 3.0.8 | |
| horde | application_framework | 3.0.9 | |
| horde | application_framework | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC8BBFC-263E-4735-847D-5544D18922E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB1F389-5D64-4B8C-B207-7D23F0C12DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8892DF-11F2-4991-97E8-D561DEAC4F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B46B6F5-055E-44EB-BB78-503811C0E57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66B197B0-F3B7-40D6-9872-C1A94622C242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAAF02-1B61-421A-887C-107B7234262B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "01557585-CE92-49FB-B9BB-AAAE7D355BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2698E2D7-09BF-4490-B362-4245CD3087D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B40A46-117D-4D85-8CC8-27236A3280C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFBECFF-D1A4-465D-B59F-E70246DE4BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "57ABD1BD-6676-4B54-9F3E-FACF1346794F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79EC6167-5D16-4236-8EBC-412EE1784802",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer."
}
],
"id": "CVE-2006-1491",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-29T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19485"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19504"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19528"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19619"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19692"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015841"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17292"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0961
Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | application_framework | 3.0.4_rc1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:3.0.4_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAAF02-1B61-421A-887C-107B7234262B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title."
}
],
"id": "CVE-2005-0961",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14730"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2741
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | application_framework | 2.0 | |
| horde | application_framework | 2.1 | |
| horde | application_framework | 2.1.3 | |
| horde | application_framework | 2.2 | |
| horde | application_framework | 2.2.1 | |
| horde | application_framework | 2.2.3 | |
| horde | application_framework | 2.2.4 | |
| horde | application_framework | 2.2.4_rc1 | |
| horde | application_framework | 2.2.5 | |
| horde | application_framework | 2.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:application_framework:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3532FD-0E85-4EDC-A3A7-76F8BA915B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D39B3B91-16B9-4B5B-AB4E-9BA568CC1E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBE1BB3-EAB6-4388-95C2-0513B0D6A327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B402F70-BAAD-44D6-B414-F615F973DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F2DA0C-C8A3-429C-83C7-B2983D3FF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7535FE38-0FBD-48CC-9FDE-C7CA2C18CA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A14A770E-60BC-4698-8BFC-5FB745A52279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.4_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A0AA21-C88D-45C4-9D95-414B2278E601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE35AF8-CA38-42FB-BA32-057BCA2CA2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:application_framework:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C91CA767-F49D-48E9-80CE-78B65DD14DF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"help window\" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters."
}
],
"id": "CVE-2004-2741",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12992"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011959"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/11164"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11546"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/11164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-4363 (GCVE-0-2009-4363)
Vulnerability from cvelistv5 – Published: 2009-12-21 16:00 – Updated: 2024-09-17 01:20
VLAI?
Summary
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/ticket/8715"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by \"an XSS vulnerability in Firefox browsers.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-21T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/ticket/8715"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by \"an XSS vulnerability in Firefox browsers.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "http://bugs.horde.org/ticket/8715",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/ticket/8715"
},
{
"name": "1023365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4363",
"datePublished": "2009-12-21T16:00:00Z",
"dateReserved": "2009-12-21T00:00:00Z",
"dateUpdated": "2024-09-17T01:20:38.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3701 (GCVE-0-2009-3701)
Vulnerability from cvelistv5 – Published: 2009-12-21 16:00 – Updated: 2024-08-07 06:38
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37823"
},
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "ADV-2009-3549",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"name": "horde-admininterface-xss(54817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
},
{
"name": "37351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37351"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "37709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37709"
},
{
"name": "ADV-2009-3572",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37823"
},
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "ADV-2009-3549",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"name": "horde-admininterface-xss(54817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
},
{
"name": "37351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37351"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "37709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37709"
},
{
"name": "ADV-2009-3572",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37823"
},
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "ADV-2009-3549",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"name": "horde-admininterface-xss(54817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
},
{
"name": "37351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37351"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "37709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37709"
},
{
"name": "ADV-2009-3572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"name": "1023365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3701",
"datePublished": "2009-12-21T16:00:00",
"dateReserved": "2009-10-15T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3236 (GCVE-0-2009-3236)
Vulnerability from cvelistv5 – Published: 2009-09-17 10:00 – Updated: 2024-08-07 06:22
VLAI?
Summary
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:22:23.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58107"
},
{
"name": "36882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36882"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36665"
},
{
"name": "DSA-1897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "horde-application-form-file-overwrite(53202)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "58107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58107"
},
{
"name": "36882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36882"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36665"
},
{
"name": "DSA-1897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "horde-application-form-file-overwrite(53202)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58107",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58107"
},
{
"name": "36882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36882"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36665"
},
{
"name": "DSA-1897",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "horde-application-form-file-overwrite(53202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3236",
"datePublished": "2009-09-17T10:00:00",
"dateReserved": "2009-09-16T00:00:00",
"dateUpdated": "2024-08-07T06:22:23.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5917 (GCVE-0-2008-5917)
Vulnerability from cvelistv5 – Published: 2009-01-21 02:00 – Updated: 2024-08-07 11:13
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
},
{
"name": "[announce] Horde 3.2.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000462.html"
},
{
"name": "34609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34609"
},
{
"name": "[announce] Horde 3.3.1 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000464.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-01T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
},
{
"name": "[announce] Horde 3.2.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000462.html"
},
{
"name": "34609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34609"
},
{
"name": "[announce] Horde 3.3.1 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000464.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-5917",
"datePublished": "2009-01-21T02:00:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T11:13:13.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2741 (GCVE-0-2004-2741)
Vulnerability from cvelistv5 – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11164"
},
{
"name": "11546",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11546"
},
{
"name": "12992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12992"
},
{
"name": "[horde-announce] 20041026 Horde 2.2.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"name": "horde-help-window-xss(17881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"name": "1011959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"help window\" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11164"
},
{
"name": "11546",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11546"
},
{
"name": "12992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12992"
},
{
"name": "[horde-announce] 20041026 Horde 2.2.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"name": "horde-help-window-xss(17881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"name": "1011959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"help window\" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11164",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11164"
},
{
"name": "11546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11546"
},
{
"name": "12992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12992"
},
{
"name": "[horde-announce] 20041026 Horde 2.2.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"name": "horde-help-window-xss(17881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
},
{
"name": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"name": "1011959",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2741",
"datePublished": "2007-10-09T10:00:00",
"dateReserved": "2007-10-08T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4256 (GCVE-0-2006-4256)
Vulnerability from cvelistv5 – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4256",
"datePublished": "2006-08-21T20:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1491 (GCVE-0-2006-1491)
Vulnerability from cvelistv5 – Published: 2006-03-29 22:00 – Updated: 2024-08-07 17:12
VLAI?
Summary
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:22.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "17292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17292"
},
{
"name": "20060330 Recent unspecified Horde vuln is eval injection",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "horde-help-viewer-command-execution(25516)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
},
{
"name": "19485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "SUSE-SR:2006:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"name": "ADV-2006-1154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "1015841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015841"
},
{
"name": "19504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19504"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "17292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17292"
},
{
"name": "20060330 Recent unspecified Horde vuln is eval injection",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "horde-help-viewer-command-execution(25516)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
},
{
"name": "19485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "SUSE-SR:2006:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"name": "ADV-2006-1154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "1015841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015841"
},
{
"name": "19504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19504"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200604-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "17292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17292"
},
{
"name": "20060330 Recent unspecified Horde vuln is eval injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"name": "19528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19528"
},
{
"name": "horde-help-viewer-command-execution(25516)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
},
{
"name": "19485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19485"
},
{
"name": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"name": "19692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19692"
},
{
"name": "SUSE-SR:2006:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"name": "ADV-2006-1154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "1015841",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015841"
},
{
"name": "19504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19504"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000272.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000271.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1491",
"datePublished": "2006-03-29T22:00:00",
"dateReserved": "2006-03-29T00:00:00",
"dateUpdated": "2024-08-07T17:12:22.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0961 (GCVE-0-2005-0961)
Vulnerability from cvelistv5 – Published: 2005-04-03 05:00 – Updated: 2024-08-07 21:35
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"name": "SUSE-SR:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
},
{
"name": "14730",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"name": "SUSE-SR:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
},
{
"name": "14730",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.horde.org/archives/announce/2005/000176.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"name": "SUSE-SR:2005:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
},
{
"name": "14730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0961",
"datePublished": "2005-04-03T05:00:00",
"dateReserved": "2005-04-03T00:00:00",
"dateUpdated": "2024-08-07T21:35:58.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4363 (GCVE-0-2009-4363)
Vulnerability from nvd – Published: 2009-12-21 16:00 – Updated: 2024-09-17 01:20
VLAI?
Summary
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.horde.org/ticket/8715"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by \"an XSS vulnerability in Firefox browsers.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-21T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.horde.org/ticket/8715"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by \"an XSS vulnerability in Firefox browsers.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/view.php?actionID=view_file\u0026type=patch\u0026file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch\u0026ticket=8715"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "http://bugs.horde.org/ticket/8715",
"refsource": "CONFIRM",
"url": "http://bugs.horde.org/ticket/8715"
},
{
"name": "1023365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4363",
"datePublished": "2009-12-21T16:00:00Z",
"dateReserved": "2009-12-21T00:00:00Z",
"dateUpdated": "2024-09-17T01:20:38.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3701 (GCVE-0-2009-3701)
Vulnerability from nvd – Published: 2009-12-21 16:00 – Updated: 2024-08-07 06:38
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37823"
},
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "ADV-2009-3549",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"name": "horde-admininterface-xss(54817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
},
{
"name": "37351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37351"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "37709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37709"
},
{
"name": "ADV-2009-3572",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37823"
},
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "ADV-2009-3549",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"name": "horde-admininterface-xss(54817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
},
{
"name": "37351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37351"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "37709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37709"
},
{
"name": "ADV-2009-3572",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"name": "1023365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37823"
},
{
"name": "[announce] 20091216 Horde Groupware 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126100750018478\u0026w=2"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html"
},
{
"name": "[announce] 20091215 Horde 3.3.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2009/000529.html"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559\u0026r2=1.515.2.589\u0026ty=h"
},
{
"name": "ADV-2009-3549",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3549"
},
{
"name": "20091217 [ISecAuditors Security Advisories] Horde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508531/100/0/threaded"
},
{
"name": "horde-admininterface-xss(54817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817"
},
{
"name": "37351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37351"
},
{
"name": "[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=126101076422179\u0026w=2"
},
{
"name": "37709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37709"
},
{
"name": "ADV-2009-3572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3572"
},
{
"name": "1023365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3701",
"datePublished": "2009-12-21T16:00:00",
"dateReserved": "2009-10-15T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3236 (GCVE-0-2009-3236)
Vulnerability from nvd – Published: 2009-09-17 10:00 – Updated: 2024-08-07 06:22
VLAI?
Summary
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:22:23.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58107"
},
{
"name": "36882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36882"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36665"
},
{
"name": "DSA-1897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "horde-application-form-file-overwrite(53202)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "58107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58107"
},
{
"name": "36882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36882"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36665"
},
{
"name": "DSA-1897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "horde-application-form-file-overwrite(53202)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58107",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58107"
},
{
"name": "36882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36882"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2"
},
{
"name": "36665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36665"
},
{
"name": "DSA-1897",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1897"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2"
},
{
"name": "[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2"
},
{
"name": "horde-application-form-file-overwrite(53202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202"
},
{
"name": "[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)",
"refsource": "MLIST",
"url": "http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3236",
"datePublished": "2009-09-17T10:00:00",
"dateReserved": "2009-09-16T00:00:00",
"dateUpdated": "2024-08-07T06:22:23.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5917 (GCVE-0-2008-5917)
Vulnerability from nvd – Published: 2009-01-21 02:00 – Updated: 2024-08-07 11:13
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
},
{
"name": "[announce] Horde 3.2.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000462.html"
},
{
"name": "34609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34609"
},
{
"name": "[announce] Horde 3.3.1 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000464.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-01T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
},
{
"name": "[announce] Horde 3.2.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000462.html"
},
{
"name": "34609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34609"
},
{
"name": "[announce] Horde 3.3.1 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000464.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-5917",
"datePublished": "2009-01-21T02:00:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T11:13:13.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2741 (GCVE-0-2004-2741)
Vulnerability from nvd – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11164"
},
{
"name": "11546",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11546"
},
{
"name": "12992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12992"
},
{
"name": "[horde-announce] 20041026 Horde 2.2.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"name": "horde-help-window-xss(17881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"name": "1011959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"help window\" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11164"
},
{
"name": "11546",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11546"
},
{
"name": "12992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12992"
},
{
"name": "[horde-announce] 20041026 Horde 2.2.7 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"name": "horde-help-window-xss(17881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"name": "1011959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"help window\" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11164",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11164"
},
{
"name": "11546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11546"
},
{
"name": "12992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12992"
},
{
"name": "[horde-announce] 20041026 Horde 2.2.7 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2004/000107.html"
},
{
"name": "horde-help-window-xss(17881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17881"
},
{
"name": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4\u0026r2=1.9.2.5\u0026ty=u"
},
{
"name": "1011959",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2741",
"datePublished": "2007-10-09T10:00:00",
"dateReserved": "2007-10-08T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4256 (GCVE-0-2006-4256)
Vulnerability from nvd – Published: 2006-08-21 20:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4256",
"datePublished": "2006-08-21T20:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1491 (GCVE-0-2006-1491)
Vulnerability from nvd – Published: 2006-03-29 22:00 – Updated: 2024-08-07 17:12
VLAI?
Summary
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:22.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "17292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17292"
},
{
"name": "20060330 Recent unspecified Horde vuln is eval injection",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "horde-help-viewer-command-execution(25516)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
},
{
"name": "19485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "SUSE-SR:2006:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"name": "ADV-2006-1154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "1015841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015841"
},
{
"name": "19504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19504"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200604-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "17292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17292"
},
{
"name": "20060330 Recent unspecified Horde vuln is eval injection",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"name": "19528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19528"
},
{
"name": "horde-help-viewer-command-execution(25516)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
},
{
"name": "19485",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"name": "19692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19692"
},
{
"name": "SUSE-SR:2006:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"name": "ADV-2006-1154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"name": "19619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "1015841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015841"
},
{
"name": "19504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19504"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200604-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml"
},
{
"name": "DSA-1034",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1034"
},
{
"name": "17292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17292"
},
{
"name": "20060330 Recent unspecified Horde vuln is eval injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-March/000671.html"
},
{
"name": "19528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19528"
},
{
"name": "horde-help-viewer-command-execution(25516)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25516"
},
{
"name": "19485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19485"
},
{
"name": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php\u0026r1=2.85\u0026r2=2.86"
},
{
"name": "19692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19692"
},
{
"name": "SUSE-SR:2006:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_07_sr.html"
},
{
"name": "ADV-2006-1154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1154"
},
{
"name": "19619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19619"
},
{
"name": "DSA-1033",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1033"
},
{
"name": "1015841",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015841"
},
{
"name": "19504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19504"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000272.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000272.html"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000271.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000271.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1491",
"datePublished": "2006-03-29T22:00:00",
"dateReserved": "2006-03-29T00:00:00",
"dateUpdated": "2024-08-07T17:12:22.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0961 (GCVE-0-2005-0961)
Vulnerability from nvd – Published: 2005-04-03 05:00 – Updated: 2024-08-07 21:35
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"name": "SUSE-SR:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
},
{
"name": "14730",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"name": "SUSE-SR:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
},
{
"name": "14730",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.horde.org/archives/announce/2005/000176.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2005/000176.html"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49\u0026r2=1.515.2.93\u0026ty=h"
},
{
"name": "SUSE-SR:2005:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
},
{
"name": "14730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0961",
"datePublished": "2005-04-03T05:00:00",
"dateReserved": "2005-04-03T00:00:00",
"dateUpdated": "2024-08-07T21:35:58.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}