Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5
CVE Id CVE-2005-4190
Last Modified 13 Sep 2011 12:00:00
Published 13 Dec 2005 06:03:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2005-4190

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.

Vulnerable Systems

Application

  • Horde Application Framework 1.0.0

  • Horde Application Framework 1.0.10

  • Horde Application Framework 1.0.11

  • Horde Application Framework 1.0.2

  • Horde Application Framework 1.0.2 1

  • Horde Application Framework 1.0.3

  • Horde Application Framework 1.0.3 2

  • Horde Application Framework 1.0.3 3

  • Horde Application Framework 1.0.3 4

  • Horde Application Framework 1.0.4

  • Horde Application Framework 1.0.5

  • Horde Application Framework 1.0.6

  • Horde Application Framework 1.0.8

  • Horde Application Framework 1.0.9

  • Horde Application Framework 1.2.0

  • Horde Application Framework 1.2.1

  • Horde Application Framework 1.2.2

  • Horde Application Framework 1.2.3

  • Horde Application Framework 1.2.4

  • Horde Application Framework 1.2.5

  • Horde Application Framework 1.2.6

  • Horde Application Framework 1.2.7

  • Horde Application Framework 1.2.8

  • Horde Application Framework 1.3.3

  • Horde Application Framework 1.3.4

  • Horde Application Framework 2.0

  • Horde Application Framework 2.1

  • Horde Application Framework 2.2

  • Horde Application Framework 2.2.1

  • Horde Application Framework 2.2.3

  • Horde Application Framework 2.2.4

  • Horde Application Framework 2.2.5

  • Horde Application Framework 2.2.6

  • Horde Application Framework 2.2.7

  • Horde Application Framework 2.2.8

  • Horde Application Framework 2.2.9

  • Horde Application Framework 3.0.1

  • Horde Application Framework 3.0.2

  • Horde Application Framework 3.0.3

  • Horde Application Framework 3.0.4

  • Horde Application Framework 3.0.5

  • Horde Application Framework 3.0.6

  • Horde Application Framework 3.0.7


References

SECUNIA - 17970

MLIST - [horde-announce] 20051211 Horde 3.0.8 (final)

VUPEN - ADV-2005-2835

BID - 15810

BID - 15808

BID - 15806

BID - 15804

BID - 15803

BID - 15802

MISC - http://www.sec-consult.com/245.html

SUSE - SUSE-SR:2006:016

SUSE - SUSE-SR:2006:009

DEBIAN - DSA-1033

SECUNIA - 20960

SECUNIA - 19897

SECUNIA - 19619


Last Updated: 27 May 2016 10:41:12