|
|
CVE Reference: CVE-2006-4256 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-4256 |
|
|
Description: index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/28411 ST 1016713 SREASON http://securityreason.com/securityalert/1422 SAID Secunia Advisory: SA21500 Secunia Advisory: SA27565 MLIST http://lists.horde.org/archives/announce/2006/000292.html MISC http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456 DEBIAN http://www.debian.org/security/2007/dsa-1406 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/443360/100/0/threaded |
|
| Return to the previous page. |
