Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-3548
Last Modified 07 Mar 2011 09:38:53
Published 12 Jul 2006 08:05:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3548

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).

Vulnerable Systems

Application

  • Horde 3.0

  • Horde 3.0.1

  • Horde 3.0.2

  • Horde 3.0.3

  • Horde 3.0.4

  • Horde 3.0.4 Rc1

  • Horde 3.0.4 Rc2

  • Horde 3.0.6

  • Horde 3.0.7

  • Horde 3.0.8

  • Horde 3.0.9

  • Horde 3.1

  • Horde 3.1.1


References

BUGTRAQ - 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues

SECTRACK - 1016442

MISC - http://moritz-naumann.com/adv/0011/hordemulti/0011.txt

CONFIRM - http://lists.horde.org/archives/announce/2006/000288.html

CONFIRM - http://lists.horde.org/archives/announce/2006/000287.html

VUPEN - ADV-2006-2694

BID - 18845

XF - horde-multiple-functions-xss(27589)

SUSE - SUSE-SR:2006:019

DEBIAN - DSA-1406

SREASON - 1229

SECUNIA - 27565

SECUNIA - 21459

SECUNIA - 20954


Last Updated: 27 May 2016 10:43:02