Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3570

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3570
Last Modified 19 May 2011 12:00:00
Published 16 Nov 2005 02:42:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3570

Summary

Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".

Vulnerable Systems

Application

  • Horde 2.2

  • Horde 2.2.1

  • Horde 2.2.3

  • Horde 2.2.4

  • Horde 2.2.4 Rc1

  • Horde 2.2.5

  • Horde 2.2.6

  • Horde 2.2.7

  • Horde 2.2.8


References

BID - 15409

GENTOO - GLSA-200511-20

DEBIAN - DSA-914

SECUNIA - 17794

SECUNIA - 17702

SECUNIA - 17468

CONFIRM - http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h

VUPEN - ADV-2005-2403

MLIST - [Horde-announce] 20051113 Horde 2.2.9 (final)


Last Updated: 27 May 2016 10:40:58