CVE-2006-3548 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3548
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3548

Description: Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27589 SUSE http://www.novell.com/linux/security/advisories/2006_19_sr.html ST 1016442 SREASON http://securityreason.com/securityalert/1229 SAID Secunia Advisory: SA27565 Secunia Advisory: SA21459 Secunia Advisory: SA20954 MISC http://moritz-naumann.com/adv/0011/hordemulti/0011.txt FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html DEBIAN http://www.debian.org/security/2007/dsa-1406 CONFIRM http://lists.horde.org/archives/announce/2006/000287.html http://lists.horde.org/archives/announce/2006/000288.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/439255/100/0/threaded BID 18845

Return to the previous page.