|
|
CVE Reference: CVE-2005-4190 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-4190 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. |
|
|
CVE Status: Candidate |
|
|
References: SUSE http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.novell.com/linux/security/advisories/2006_04_28.html SAID Secunia Advisory: SA17970 Secunia Advisory: SA19619 Secunia Advisory: SA19897 Secunia Advisory: SA20960 MLIST http://lists.horde.org/archives/announce/2005/000238.html MISC http://www.sec-consult.com/245.html DEBIAN http://www.debian.org/security/2006/dsa-1033 BID 15808 15802 15803 15804 15806 15810 |
|
| Return to the previous page. |
