Vulnerability-Lookup

CVE-2008-5917 (GCVE-0-2008-5917)

Vulnerability from cvelistv5 – Published: 2009-01-21 02:00 – Updated: 2024-08-07 11:13

Summary

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/34418	third-party-advisoryx_refsource_SECUNIA
	http://cvs.horde.org/diff.php/framework/Text_Filt…	x_refsource_CONFIRM
	http://lists.horde.org/archives/announce/2008/000…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/34609	third-party-advisoryx_refsource_SECUNIA
	http://lists.horde.org/archives/announce/2008/000…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:13:13.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
          },
          {
            "name": "[announce] Horde 3.2.3 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2008/000462.html"
          },
          {
            "name": "34609",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34609"
          },
          {
            "name": "[announce] Horde 3.3.1 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2008/000464.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-04-01T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
        },
        {
          "name": "[announce] Horde 3.2.3 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2008/000462.html"
        },
        {
          "name": "34609",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34609"
        },
        {
          "name": "[announce] Horde 3.3.1 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2008/000464.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-5917",
    "datePublished": "2009-01-21T02:00:00",
    "dateReserved": "2009-01-20T00:00:00",
    "dateUpdated": "2024-08-07T11:13:13.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89477FCC-C925-418A-A3FF-F5B02736600C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDE2B06C-EDBD-4FA1-90AA-148E39EF5AE4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8682FAF3-98E3-485C-89CB-C0358C4E2AB0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el filtro XSS(framework/Text_Filter/Filter/xss.php) en Horde Application Framework v3.2.2 y v3.3, cunado Internet Explorer est\\u00e1 siendo utilizado, permite a atacantes remotos inyectar secuencias de comando web o HTML a trav\\u00e9s de vectores desconocidos relacionados con atributos \\\"style\\\".\"}]",
      "id": "CVE-2008-5917",
      "lastModified": "2024-11-21T00:55:12.423",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-01-21T02:30:00.233",
      "references": "[{\"url\": \"http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.horde.org/archives/announce/2008/000462.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.horde.org/archives/announce/2008/000464.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/34609\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.horde.org/archives/announce/2008/000462.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.horde.org/archives/announce/2008/000464.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5917\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-01-21T02:30:00.233\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el filtro XSS(framework/Text_Filter/Filter/xss.php) en Horde Application Framework v3.2.2 y v3.3, cunado Internet Explorer est\u00e1 siendo utilizado, permite a atacantes remotos inyectar secuencias de comando web o HTML a trav\u00e9s de vectores desconocidos relacionados con atributos \\\"style\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89477FCC-C925-418A-A3FF-F5B02736600C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE2B06C-EDBD-4FA1-90AA-148E39EF5AE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8682FAF3-98E3-485C-89CB-C0358C4E2AB0\"}]}]}],\"references\":[{\"url\":\"http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.horde.org/archives/announce/2008/000462.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.horde.org/archives/announce/2008/000464.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34609\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.horde.org/archives/announce/2008/000462.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.horde.org/archives/announce/2008/000464.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-025

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité de type « injection de code indirecte » a été identifiée dans plusieurs produits Horde.

Description

Une vulnérabilité de type « injection de code indirecte » a été identifiée dans plusieurs produits Horde. Le filtrage XSS n'est pas correctement effectué dans certaines conditions.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Horde	N/A	les versions Horde Groupware antérieures à 1.2.1 ;
Horde	N/A	les versions Horde antérieures à 3.2.3 ;
Horde	N/A	Les versions Horde antérieures à 3.3.1 ;
Horde	N/A	les versions Horde Groupware Webmail Edition antérieures à 1.1.4.
Horde	N/A	les versions Horde Groupware Webmail Edition antérieures à 1.2.1 ;
Horde	N/A	les versions Horde Groupware antérieures à 1.1.4 ;

References

Title

Publication Time

Tags

Annonces de mises à jour Horde du 20 janvier 2009	None	vendor-advisory
Page officielle du projet Horde :	-	other
Site de téléchargement Horde :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions Horde Groupware ant\u00e9rieures \u00e0 1.2.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde ant\u00e9rieures \u00e0 3.2.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Les versions Horde ant\u00e9rieures \u00e0 3.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde Groupware Webmail Edition ant\u00e9rieures \u00e0 1.1.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde Groupware Webmail Edition ant\u00e9rieures \u00e0 1.2.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde Groupware ant\u00e9rieures \u00e0 1.1.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type \u00ab injection de code indirecte \u00bb a \u00e9t\u00e9\nidentifi\u00e9e dans plusieurs produits Horde. Le filtrage XSS n\u0027est pas\ncorrectement effectu\u00e9 dans certaines conditions.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5917"
    }
  ],
  "links": [
    {
      "title": "Page officielle du projet Horde\u00a0:",
      "url": "http://www.horde.org/"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement Horde\u00a0:",
      "url": "http://ftp.horde.org/pub/horde/"
    }
  ],
  "reference": "CERTA-2009-AVI-025",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type \u00ab injection de code indirecte \u00bb a \u00e9t\u00e9\nidentifi\u00e9e dans plusieurs produits Horde.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits Horde",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces de mises \u00e0 jour Horde du 20 janvier 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-025

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité de type « injection de code indirecte » a été identifiée dans plusieurs produits Horde.

Description

Une vulnérabilité de type « injection de code indirecte » a été identifiée dans plusieurs produits Horde. Le filtrage XSS n'est pas correctement effectué dans certaines conditions.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Horde	N/A	les versions Horde Groupware antérieures à 1.2.1 ;
Horde	N/A	les versions Horde antérieures à 3.2.3 ;
Horde	N/A	Les versions Horde antérieures à 3.3.1 ;
Horde	N/A	les versions Horde Groupware Webmail Edition antérieures à 1.1.4.
Horde	N/A	les versions Horde Groupware Webmail Edition antérieures à 1.2.1 ;
Horde	N/A	les versions Horde Groupware antérieures à 1.1.4 ;

References

Title

Publication Time

Tags

Annonces de mises à jour Horde du 20 janvier 2009	None	vendor-advisory
Page officielle du projet Horde :	-	other
Site de téléchargement Horde :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions Horde Groupware ant\u00e9rieures \u00e0 1.2.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde ant\u00e9rieures \u00e0 3.2.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Les versions Horde ant\u00e9rieures \u00e0 3.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde Groupware Webmail Edition ant\u00e9rieures \u00e0 1.1.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde Groupware Webmail Edition ant\u00e9rieures \u00e0 1.2.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "les versions Horde Groupware ant\u00e9rieures \u00e0 1.1.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type \u00ab injection de code indirecte \u00bb a \u00e9t\u00e9\nidentifi\u00e9e dans plusieurs produits Horde. Le filtrage XSS n\u0027est pas\ncorrectement effectu\u00e9 dans certaines conditions.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5917"
    }
  ],
  "links": [
    {
      "title": "Page officielle du projet Horde\u00a0:",
      "url": "http://www.horde.org/"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement Horde\u00a0:",
      "url": "http://ftp.horde.org/pub/horde/"
    }
  ],
  "reference": "CERTA-2009-AVI-025",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type \u00ab injection de code indirecte \u00bb a \u00e9t\u00e9\nidentifi\u00e9e dans plusieurs produits Horde.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits Horde",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces de mises \u00e0 jour Horde du 20 janvier 2009",
      "url": null
    }
  ]
}

GSD-2008-5917

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-5917

Aliases

CVE-2008-5917

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-5917",
    "description": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.",
    "id": "GSD-2008-5917",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-5917.html",
      "https://www.debian.org/security/2009/dsa-1765"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-5917"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.",
      "id": "GSD-2008-5917",
      "modified": "2023-12-13T01:23:04.106645Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-5917",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "http://secunia.com/advisories/34418",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18",
            "refsource": "MISC",
            "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
          },
          {
            "name": "http://lists.horde.org/archives/announce/2008/000462.html",
            "refsource": "MISC",
            "url": "http://lists.horde.org/archives/announce/2008/000462.html"
          },
          {
            "name": "http://lists.horde.org/archives/announce/2008/000464.html",
            "refsource": "MISC",
            "url": "http://lists.horde.org/archives/announce/2008/000464.html"
          },
          {
            "name": "http://secunia.com/advisories/34609",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34609"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-5917"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
            },
            {
              "name": "[announce] Horde 3.2.3 (final)",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000462.html"
            },
            {
              "name": "[announce] Horde 3.3.1 (final)",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.horde.org/archives/announce/2008/000464.html"
            },
            {
              "name": "34418",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34418"
            },
            {
              "name": "SUSE-SR:2009:007",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
            },
            {
              "name": "34609",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34609"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2009-04-18T05:44Z",
      "publishedDate": "2009-01-21T02:30Z"
    }
  }
}

FKIE_CVE-2008-5917

Vulnerability from fkie_nvd - Published: 2009-01-21 02:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18	Exploit
secalert@redhat.com	http://lists.horde.org/archives/announce/2008/000462.html	Vendor Advisory
secalert@redhat.com	http://lists.horde.org/archives/announce/2008/000464.html	Vendor Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
secalert@redhat.com	http://secunia.com/advisories/34418
secalert@redhat.com	http://secunia.com/advisories/34609
af854a3a-2127-422b-91ae-364da2661108	http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.horde.org/archives/announce/2008/000462.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.horde.org/archives/announce/2008/000464.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34418
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34609

Impacted products

Vendor	Product	Version
horde	application_framework	3.2.2
horde	application_framework	3.3
microsoft	internet_explorer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89477FCC-C925-418A-A3FF-F5B02736600C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE2B06C-EDBD-4FA1-90AA-148E39EF5AE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el filtro XSS(framework/Text_Filter/Filter/xss.php) en Horde Application Framework v3.2.2 y v3.3, cunado Internet Explorer est\u00e1 siendo utilizado, permite a atacantes remotos inyectar secuencias de comando web o HTML a trav\u00e9s de vectores desconocidos relacionados con atributos \"style\"."
    }
  ],
  "id": "CVE-2008-5917",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-01-21T02:30:00.233",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2008/000462.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2008/000464.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2008/000462.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2008/000464.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34609"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6HMC-J3Q7-53FF

Vulnerability from github – Published: 2022-05-17 05:52 – Updated: 2022-05-17 05:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-5917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-21T02:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.",
  "id": "GHSA-6hmc-j3q7-53ff",
  "modified": "2022-05-17T05:52:46Z",
  "published": "2022-05-17T05:52:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5917"
    },
    {
      "type": "WEB",
      "url": "http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17\u0026r2=1.18"
    },
    {
      "type": "WEB",
      "url": "http://lists.horde.org/archives/announce/2008/000462.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.horde.org/archives/announce/2008/000464.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34418"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34609"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-5917 (GCVE-0-2008-5917)

CERTA-2009-AVI-025

Description

Solution

CERTA-2009-AVI-025

Description

Solution

GSD-2008-5917

FKIE_CVE-2008-5917

GHSA-6HMC-J3Q7-53FF

Tags

Sightings

Nomenclature