FKIE_CVE-2006-4255

Vulnerability from fkie_nvd - Published: 2006-08-21 20:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
References
cve@mitre.orghttp://lists.horde.org/archives/announce/2006/000294.html
cve@mitre.orghttp://secunia.com/advisories/21533Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/1423
cve@mitre.orghttp://securitytracker.com/id?1016713
cve@mitre.orghttp://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457
cve@mitre.orghttp://www.securityfocus.com/archive/1/443361/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19544
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3316
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28409
af854a3a-2127-422b-91ae-364da2661108http://lists.horde.org/archives/announce/2006/000294.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21533Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1423
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016713
af854a3a-2127-422b-91ae-364da2661108http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443361/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19544
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3316
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28409
Impacted products
Vendor Product Version
horde horde 3.0
horde horde 3.0.1
horde horde 3.0.2
horde horde 3.0.3
horde horde 3.0.4
horde horde 3.0.4_rc1
horde horde 3.0.4_rc2
horde horde 3.0.6
horde horde 3.0.7
horde horde 3.0.8
horde horde 3.0.9
horde horde 3.1
horde horde 3.1.1
horde imp 2.0
horde imp 2.2
horde imp 2.2.1
horde imp 2.2.2
horde imp 2.2.3
horde imp 2.2.4
horde imp 2.2.5
horde imp 2.2.6
horde imp 2.2.7
horde imp 2.2.8
horde imp 2.3
horde imp 3.0
horde imp 3.1
horde imp 3.1.2
horde imp 3.2
horde imp 3.2.1
horde imp 3.2.2
horde imp 3.2.3
horde imp 3.2.4
horde imp 3.2.5
horde imp 4.0
horde imp 4.0.1
horde imp 4.0.2
horde imp 4.0.3
horde imp 4.0.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF82BE80-C62C-4E1A-8AB9-5773E49142B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74DEABE1-B6C4-4C6F-A098-D5BC9F3C65A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E486E1-3BC7-444A-8BBB-6571CCF44E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE8E2B1E-C3C7-466D-982C-36FC51D0BE9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E3B91F-F391-4126-832C-C5582F5D6FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2912428D-9A74-48C2-8866-669355CAB535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.4_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A17589E-AAD1-432A-A5E3-623A8EF66572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA1F0BF-6F17-4062-86B0-83EEDA5EAC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "505DFF07-4F63-4A0E-87E4-DC899F345307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B313A4C-12CE-4CA9-8036-26580152AE7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7730FD04-0CC8-4D96-A3B5-9D628381653E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D589E22C-7F87-43EF-B5FF-DC2B43E5252C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57AD38FB-23DF-406D-8889-E9EB18D22C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2A8C5B-6155-4B40-B8C8-B4944064E3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11E08A4-79D6-46FE-880F-66E9778C298E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A3894F-2E3F-49CA-BEE5-759D603F6EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDBDC41-7E6F-4C97-95BD-7DEB2D9FE837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B52D447-8E56-4E04-9650-38D222DA8D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C455353-0401-4975-89BC-C23D32A684F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D9D9E1-D8B7-4A56-BC2F-90BDC97322B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "59DE856E-98FF-4B49-BD7F-3E326FEB89EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED34889-9F98-46BC-9176-557484272C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FBC61D-6A08-4DE8-A5E5-A3FC57E7759D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52AEEE6-2364-4CFB-9337-C5CCA54362E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD137160-B80D-4C65-A9A9-CEE12107E3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6C2AC8-C21A-4152-AAE6-915ACE65CB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1956C8F0-EB91-4322-85C1-6BE15AA13703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48DEBEB-0C2D-4F6A-AF63-04990D2FD5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E004FA4-0180-458A-8E8C-8167EF684ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0A1617-17D1-4C9F-A818-27321FD2FEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86CDC19-43C3-4ACC-94B4-388BCC8A2203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9931A5B-CD0C-43A3-B32D-915FF4AF57D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC69F98-A3B4-4573-AFE4-2069218B3454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "184592A5-4108-40DB-8882-9D2468490DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28470602-E3F1-4F04-B012-F91AB95E7A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B584932-BFB2-4462-BC69-B9FCC059F59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F7A33-CF9E-4966-B622-E4BD27B120AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1BB456-5462-4ACE-AECF-730B1C7BE2CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en horde/imp/search.php en Horde IMP H3 anterior a 4.1.3 permite a atacanets remotos incluir secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de m\u00faltiples vectores no especificados relacionados con nombres de carpetas, como se ha inyectado en el campo de formulario vfolder_label en la pantalla de b\u00fasqueda IMP."
    }
  ],
  "id": "CVE-2006-4255",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-21T20:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.horde.org/archives/announce/2006/000294.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19544"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3316"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.horde.org/archives/announce/2006/000294.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443361/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28409"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.