Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3759

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2005-3759
Last Modified 13 Sep 2011 12:00:00
Published 22 Nov 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3759

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

Vulnerable Systems

Application

  • Horde 1.2

  • Horde 1.2.1

  • Horde 1.2.2

  • Horde 1.2.3

  • Horde 1.2.4

  • Horde 1.2.5

  • Horde 1.2.6

  • Horde 1.2.7

  • Horde 1.2.8

  • Horde 2.0

  • Horde 2.1

  • Horde 2.1.3

  • Horde 2.2

  • Horde 2.2.1

  • Horde 2.2.3

  • Horde 2.2.4

  • Horde 2.2.4 Rc1

  • Horde 2.2.5

  • Horde 2.2.6

  • Horde 2.2.7

  • Horde 2.2.8

  • Horde 2.2.9

  • Horde 3.0

  • Horde 3.0.1

  • Horde 3.0.2

  • Horde 3.0.3

  • Horde 3.0.4

  • Horde 3.0.4 Rc1

  • Horde 3.0.4 Rc2

  • Horde 3.0.6

  • Horde 3.0.7


References

BID - 15535

BUGTRAQ - 20051122 Horde MIME Viewer vulnerability

GENTOO - GLSA-200511-20

DEBIAN - DSA-909

SECUNIA - 17703

SECUNIA - 17599

MLIST - [horde-announce] 20051122 Horde 3.0.7 (final)

VUPEN - ADV-2005-2536


Last Updated: 27 May 2016 10:41:02