cvelistv5 - cve-2006-2195

CVE-2006-2195 (GCVE-0-2006-2195)

Vulnerability from cvelistv5 – Published: 2006-06-15 10:00 – Updated: 2024-08-07 17:43

Summary

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

Severity ?

No CVSS data available.

CWE

Assigner

debian

References

URL

Tags

	http://cvs.horde.org/diff.php?f=horde%2Ftest.php&…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/20750	third-party-advisoryx_refsource_SECUNIA
	http://overlays.gentoo.org/dev/chtekk/browser/hor…	x_refsource_MISC
	http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=h…	x_refsource_CONFIRM
	http://securitytracker.com/id?1016310	vdb-entryx_refsource_SECTRACK
	http://www.debian.org/security/2006/dsa-1098	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/20672	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2006/dsa-1099	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/20849	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/26514	vdb-entryx_refsource_OSVDB
	http://bugs.gentoo.org/show_bug.cgi?id=136830	x_refsource_CONFIRM
	http://secunia.com/advisories/20661	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/26513	vdb-entryx_refsource_OSVDB
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www.vupen.com/english/advisories/2006/2356	vdb-entryx_refsource_VUPEN
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/20960	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/18436	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:28.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
          },
          {
            "name": "horde-test-problem-xss(27168)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
          },
          {
            "name": "20750",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20750"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
          },
          {
            "name": "1016310",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016310"
          },
          {
            "name": "DSA-1098",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1098"
          },
          {
            "name": "20672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20672"
          },
          {
            "name": "DSA-1099",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1099"
          },
          {
            "name": "20849",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20849"
          },
          {
            "name": "26514",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26514"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
          },
          {
            "name": "20661",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20661"
          },
          {
            "name": "26513",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26513"
          },
          {
            "name": "SUSE-SR:2006:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
          },
          {
            "name": "ADV-2006-2356",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2356"
          },
          {
            "name": "GLSA-200606-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
          },
          {
            "name": "20960",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20960"
          },
          {
            "name": "18436",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18436"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
        },
        {
          "name": "horde-test-problem-xss(27168)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
        },
        {
          "name": "20750",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20750"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
        },
        {
          "name": "1016310",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016310"
        },
        {
          "name": "DSA-1098",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1098"
        },
        {
          "name": "20672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20672"
        },
        {
          "name": "DSA-1099",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1099"
        },
        {
          "name": "20849",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20849"
        },
        {
          "name": "26514",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26514"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
        },
        {
          "name": "20661",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20661"
        },
        {
          "name": "26513",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26513"
        },
        {
          "name": "SUSE-SR:2006:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
        },
        {
          "name": "ADV-2006-2356",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2356"
        },
        {
          "name": "GLSA-200606-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
        },
        {
          "name": "20960",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20960"
        },
        {
          "name": "18436",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18436"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2006-2195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
              "refsource": "CONFIRM",
              "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
            },
            {
              "name": "horde-test-problem-xss(27168)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
            },
            {
              "name": "20750",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20750"
            },
            {
              "name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
              "refsource": "MISC",
              "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
            },
            {
              "name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
              "refsource": "CONFIRM",
              "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
            },
            {
              "name": "1016310",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016310"
            },
            {
              "name": "DSA-1098",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1098"
            },
            {
              "name": "20672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20672"
            },
            {
              "name": "DSA-1099",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1099"
            },
            {
              "name": "20849",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20849"
            },
            {
              "name": "26514",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26514"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
            },
            {
              "name": "20661",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20661"
            },
            {
              "name": "26513",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26513"
            },
            {
              "name": "SUSE-SR:2006:016",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
            },
            {
              "name": "ADV-2006-2356",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2356"
            },
            {
              "name": "GLSA-200606-28",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
            },
            {
              "name": "20960",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20960"
            },
            {
              "name": "18436",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18436"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2006-2195",
    "datePublished": "2006-06-15T10:00:00",
    "dateReserved": "2006-05-04T00:00:00",
    "dateUpdated": "2024-08-07T17:43:28.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.9\", \"matchCriteriaId\": \"80E9DE66-064E-4872-AF40-2CC71507399A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF82BE80-C62C-4E1A-8AB9-5773E49142B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74DEABE1-B6C4-4C6F-A098-D5BC9F3C65A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8E486E1-3BC7-444A-8BBB-6571CCF44E0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE8E2B1E-C3C7-466D-982C-36FC51D0BE9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76E3B91F-F391-4126-832C-C5582F5D6FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.4_rc1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2912428D-9A74-48C2-8866-669355CAB535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.4_rc2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A17589E-AAD1-432A-A5E3-623A8EF66572\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FA1F0BF-6F17-4062-86B0-83EEDA5EAC94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"505DFF07-4F63-4A0E-87E4-DC899F345307\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B313A4C-12CE-4CA9-8036-26580152AE7D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de secuencias de comandos en sitios cruzados (XSS) en horde 3 (horde3) anterior a v3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s de (1) templates/problem/problem.inc y (2) test.php.\"}]",
      "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nHorde, Horde, 3.1.1",
      "id": "CVE-2006-2195",
      "lastModified": "2024-11-21T00:10:46.127",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-06-15T10:02:00.000",
      "references": "[{\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=136830\", \"source\": \"security@debian.org\"}, {\"url\": \"http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146\", \"source\": \"security@debian.org\"}, {\"url\": \"http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc\", \"source\": \"security@debian.org\"}, {\"url\": \"http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/20661\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/20672\", \"source\": \"security@debian.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20750\", \"source\": \"security@debian.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20849\", \"source\": \"security@debian.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20960\", \"source\": \"security@debian.org\"}, {\"url\": \"http://securitytracker.com/id?1016310\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1098\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2006/dsa-1099\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_16_sr.html\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.osvdb.org/26513\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.osvdb.org/26514\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18436\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2356\", \"source\": \"security@debian.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27168\", \"source\": \"security@debian.org\"}, {\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=136830\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20661\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20672\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20750\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20849\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20960\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016310\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2006/dsa-1099\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_16_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/26513\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/26514\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18436\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2356\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@debian.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2195\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2006-06-15T10:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en horde 3 (horde3) anterior a v3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) templates/problem/problem.inc y (2) test.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.9\",\"matchCriteriaId\":\"80E9DE66-064E-4872-AF40-2CC71507399A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF82BE80-C62C-4E1A-8AB9-5773E49142B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74DEABE1-B6C4-4C6F-A098-D5BC9F3C65A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8E486E1-3BC7-444A-8BBB-6571CCF44E0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE8E2B1E-C3C7-466D-982C-36FC51D0BE9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76E3B91F-F391-4126-832C-C5582F5D6FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.4_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2912428D-9A74-48C2-8866-669355CAB535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.4_rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A17589E-AAD1-432A-A5E3-623A8EF66572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FA1F0BF-6F17-4062-86B0-83EEDA5EAC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"505DFF07-4F63-4A0E-87E4-DC899F345307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B313A4C-12CE-4CA9-8036-26580152AE7D\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=136830\",\"source\":\"security@debian.org\"},{\"url\":\"http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146\",\"source\":\"security@debian.org\"},{\"url\":\"http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc\",\"source\":\"security@debian.org\"},{\"url\":\"http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/20661\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/20672\",\"source\":\"security@debian.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20750\",\"source\":\"security@debian.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20849\",\"source\":\"security@debian.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20960\",\"source\":\"security@debian.org\"},{\"url\":\"http://securitytracker.com/id?1016310\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1098\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-1099\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_16_sr.html\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.osvdb.org/26513\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.osvdb.org/26514\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.securityfocus.com/bid/18436\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2356\",\"source\":\"security@debian.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27168\",\"source\":\"security@debian.org\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=136830\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20672\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20750\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-1099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_16_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/26513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/26514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18436\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2356\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"This vulnerability is addressed in the following product release:\\r\\nHorde, Horde, 3.1.1\"}}"
  }
}

FKIE_CVE-2006-2195

Vulnerability from fkie_nvd - Published: 2006-06-15 10:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

References

URL	Tags
security@debian.org	http://bugs.gentoo.org/show_bug.cgi?id=136830
security@debian.org	http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
security@debian.org	http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
security@debian.org	http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt
security@debian.org	http://secunia.com/advisories/20661
security@debian.org	http://secunia.com/advisories/20672	Vendor Advisory
security@debian.org	http://secunia.com/advisories/20750	Vendor Advisory
security@debian.org	http://secunia.com/advisories/20849	Vendor Advisory
security@debian.org	http://secunia.com/advisories/20960
security@debian.org	http://securitytracker.com/id?1016310
security@debian.org	http://www.debian.org/security/2006/dsa-1098	Patch, Vendor Advisory
security@debian.org	http://www.debian.org/security/2006/dsa-1099
security@debian.org	http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml
security@debian.org	http://www.novell.com/linux/security/advisories/2006_16_sr.html
security@debian.org	http://www.osvdb.org/26513
security@debian.org	http://www.osvdb.org/26514
security@debian.org	http://www.securityfocus.com/bid/18436
security@debian.org	http://www.vupen.com/english/advisories/2006/2356
security@debian.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27168
af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=136830
af854a3a-2127-422b-91ae-364da2661108	http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
af854a3a-2127-422b-91ae-364da2661108	http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
af854a3a-2127-422b-91ae-364da2661108	http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20661
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20672	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20750	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20849	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20960
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016310
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1098	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1099
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_16_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26513
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26514
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18436
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2356
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27168

Impacted products

Vendor	Product	Version
horde	horde	*
horde	horde	3.0
horde	horde	3.0.1
horde	horde	3.0.2
horde	horde	3.0.3
horde	horde	3.0.4
horde	horde	3.0.4_rc1
horde	horde	3.0.4_rc2
horde	horde	3.0.6
horde	horde	3.0.7
horde	horde	3.0.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E9DE66-064E-4872-AF40-2CC71507399A",
              "versionEndIncluding": "3.0.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF82BE80-C62C-4E1A-8AB9-5773E49142B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74DEABE1-B6C4-4C6F-A098-D5BC9F3C65A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E486E1-3BC7-444A-8BBB-6571CCF44E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE8E2B1E-C3C7-466D-982C-36FC51D0BE9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E3B91F-F391-4126-832C-C5582F5D6FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2912428D-9A74-48C2-8866-669355CAB535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A17589E-AAD1-432A-A5E3-623A8EF66572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA1F0BF-6F17-4062-86B0-83EEDA5EAC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "505DFF07-4F63-4A0E-87E4-DC899F345307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B313A4C-12CE-4CA9-8036-26580152AE7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en horde 3 (horde3) anterior a v3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) templates/problem/problem.inc y (2) test.php."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nHorde, Horde, 3.1.1",
  "id": "CVE-2006-2195",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-15T10:02:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
    },
    {
      "source": "security@debian.org",
      "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
    },
    {
      "source": "security@debian.org",
      "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
    },
    {
      "source": "security@debian.org",
      "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
    },
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/20661"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20672"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20750"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20849"
    },
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/20960"
    },
    {
      "source": "security@debian.org",
      "url": "http://securitytracker.com/id?1016310"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1098"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2006/dsa-1099"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.osvdb.org/26513"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.osvdb.org/26514"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/bid/18436"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.vupen.com/english/advisories/2006/2356"
    },
    {
      "source": "security@debian.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Des vulnérabilités de type cross site scripting ont été découvertes dans Horde Application Framework.

Solution

Les vulnérabilités ont été corrigées dans le répertoire CVS de Horde. Certains éditeurs ont adapté ces modifications et ont publié des bulletins de sécurité (voir Documentation).

None

Impacted products

	Vendor	Product	Description
	Horde	N/A	Horde Application Framework versions 3.0.10 et antérieures.
	Horde	N/A	Horde Application Framework versions 3.1.1 et antérieures ;

References

Title

Publication Time

Tags

Répertoire CVS de Horde	None	vendor-advisory
Site Internet de Horde :	-	other
Modifications dans le répertoire CVS de Horde :	-	other
Modifications dans le répertoire CVS de Horde :	-	other
Bulletin de sécurité Gentoo GLSA-200606-28 du 29 juin 2006 :	-	other
Bulletin de sécurité Debian DSA 1098 du 14 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Horde Application Framework versions 3.0.10 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Application Framework versions 3.1.1 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s de type cross site scripting ont \u00e9t\u00e9 d\u00e9couvertes dans\nHorde Application Framework.\n\n## Solution\n\nLes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le r\u00e9pertoire CVS de Horde.\nCertains \u00e9diteurs ont adapt\u00e9 ces modifications et ont publi\u00e9 des\nbulletins de s\u00e9curit\u00e9 (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2195"
    }
  ],
  "links": [
    {
      "title": "Site Internet de Horde :",
      "url": "http://www.horde.org"
    },
    {
      "title": "Modifications dans le r\u00e9pertoire CVS de Horde :",
      "url": "http://cvs.horde.org/diff.php?f=horde%2Ftemplates%2Fproblem%2Fproblem.inc\u0026r1=2.25\u0026r2=2.26"
    },
    {
      "title": "Modifications dans le r\u00e9pertoire CVS de Horde :",
      "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200606-28 du 29 juin 2006    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1098 du 14 juin 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1098"
    }
  ],
  "reference": "CERTA-2006-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Horde Application Framework 3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "R\u00e9pertoire CVS de Horde",
      "url": null
    }
  ]
}

CERTA-2006-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Des vulnérabilités de type cross site scripting ont été découvertes dans Horde Application Framework.

Solution

Les vulnérabilités ont été corrigées dans le répertoire CVS de Horde. Certains éditeurs ont adapté ces modifications et ont publié des bulletins de sécurité (voir Documentation).

None

Impacted products

	Vendor	Product	Description
	Horde	N/A	Horde Application Framework versions 3.0.10 et antérieures.
	Horde	N/A	Horde Application Framework versions 3.1.1 et antérieures ;

References

Title

Publication Time

Tags

Répertoire CVS de Horde	None	vendor-advisory
Site Internet de Horde :	-	other
Modifications dans le répertoire CVS de Horde :	-	other
Modifications dans le répertoire CVS de Horde :	-	other
Bulletin de sécurité Gentoo GLSA-200606-28 du 29 juin 2006 :	-	other
Bulletin de sécurité Debian DSA 1098 du 14 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Horde Application Framework versions 3.0.10 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Application Framework versions 3.1.1 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s de type cross site scripting ont \u00e9t\u00e9 d\u00e9couvertes dans\nHorde Application Framework.\n\n## Solution\n\nLes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le r\u00e9pertoire CVS de Horde.\nCertains \u00e9diteurs ont adapt\u00e9 ces modifications et ont publi\u00e9 des\nbulletins de s\u00e9curit\u00e9 (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2195"
    }
  ],
  "links": [
    {
      "title": "Site Internet de Horde :",
      "url": "http://www.horde.org"
    },
    {
      "title": "Modifications dans le r\u00e9pertoire CVS de Horde :",
      "url": "http://cvs.horde.org/diff.php?f=horde%2Ftemplates%2Fproblem%2Fproblem.inc\u0026r1=2.25\u0026r2=2.26"
    },
    {
      "title": "Modifications dans le r\u00e9pertoire CVS de Horde :",
      "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200606-28 du 29 juin 2006    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1098 du 14 juin 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1098"
    }
  ],
  "reference": "CERTA-2006-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Horde Application Framework 3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "R\u00e9pertoire CVS de Horde",
      "url": null
    }
  ]
}

GHSA-G9FG-283V-PHRC

Vulnerability from github – Published: 2022-05-01 06:56 – Updated: 2022-05-01 06:56

Details

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2195"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-15T10:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.",
  "id": "GHSA-g9fg-283v-phrc",
  "modified": "2022-05-01T06:56:40Z",
  "published": "2022-05-01T06:56:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2195"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
    },
    {
      "type": "WEB",
      "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
    },
    {
      "type": "WEB",
      "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
    },
    {
      "type": "WEB",
      "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20661"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20672"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20750"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20849"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20960"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016310"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1098"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1099"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26513"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26514"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18436"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2356"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-2195

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

Aliases

CVE-2006-2195

Aliases

CVE-2006-2195

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2195",
    "description": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.",
    "id": "GSD-2006-2195",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-2195.html",
      "https://www.debian.org/security/2006/dsa-1099",
      "https://www.debian.org/security/2006/dsa-1098"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2195"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.",
      "id": "GSD-2006-2195",
      "modified": "2023-12-13T01:19:52.628568Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@debian.org",
        "ID": "CVE-2006-2195",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
            "refsource": "CONFIRM",
            "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
          },
          {
            "name": "horde-test-problem-xss(27168)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
          },
          {
            "name": "20750",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20750"
          },
          {
            "name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
            "refsource": "MISC",
            "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
          },
          {
            "name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
            "refsource": "CONFIRM",
            "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
          },
          {
            "name": "1016310",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016310"
          },
          {
            "name": "DSA-1098",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1098"
          },
          {
            "name": "20672",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20672"
          },
          {
            "name": "DSA-1099",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1099"
          },
          {
            "name": "20849",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20849"
          },
          {
            "name": "26514",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26514"
          },
          {
            "name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
            "refsource": "CONFIRM",
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
          },
          {
            "name": "20661",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20661"
          },
          {
            "name": "26513",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26513"
          },
          {
            "name": "SUSE-SR:2006:016",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
          },
          {
            "name": "ADV-2006-2356",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2356"
          },
          {
            "name": "GLSA-200606-28",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
          },
          {
            "name": "20960",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20960"
          },
          {
            "name": "18436",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18436"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.4_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.4_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2006-2195"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1098",
              "refsource": "DEBIAN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1098"
            },
            {
              "name": "DSA-1099",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1099"
            },
            {
              "name": "20672",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20672"
            },
            {
              "name": "20750",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20750"
            },
            {
              "name": "GLSA-200606-28",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
            },
            {
              "name": "18436",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18436"
            },
            {
              "name": "1016310",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016310"
            },
            {
              "name": "20849",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20849"
            },
            {
              "name": "SUSE-SR:2006:016",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
            },
            {
              "name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
            },
            {
              "name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146"
            },
            {
              "name": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
            },
            {
              "name": "26513",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26513"
            },
            {
              "name": "26514",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26514"
            },
            {
              "name": "20661",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20661"
            },
            {
              "name": "20960",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20960"
            },
            {
              "name": "ADV-2006-2356",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2356"
            },
            {
              "name": "horde-test-problem-xss(27168)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:31Z",
      "publishedDate": "2006-06-15T10:02Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2195 (GCVE-0-2006-2195)

FKIE_CVE-2006-2195

CERTA-2006-AVI-263

Description

Solution

CERTA-2006-AVI-263

Description

Solution

GHSA-G9FG-283V-PHRC

GSD-2006-2195

Tags

Sightings

Nomenclature