ID CVE-2006-3548
Summary Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
References
Vulnerable Configurations
  • cpe:2.3:a:horde:horde:3.0
    cpe:2.3:a:horde:horde:3.0
  • cpe:2.3:a:horde:horde:3.0.1
    cpe:2.3:a:horde:horde:3.0.1
  • cpe:2.3:a:horde:horde:3.0.2
    cpe:2.3:a:horde:horde:3.0.2
  • cpe:2.3:a:horde:horde:3.0.3
    cpe:2.3:a:horde:horde:3.0.3
  • cpe:2.3:a:horde:horde:3.0.4
    cpe:2.3:a:horde:horde:3.0.4
  • cpe:2.3:a:horde:horde:3.0.4_rc1
    cpe:2.3:a:horde:horde:3.0.4_rc1
  • cpe:2.3:a:horde:horde:3.0.4_rc2
    cpe:2.3:a:horde:horde:3.0.4_rc2
  • cpe:2.3:a:horde:horde:3.0.6
    cpe:2.3:a:horde:horde:3.0.6
  • cpe:2.3:a:horde:horde:3.0.7
    cpe:2.3:a:horde:horde:3.0.7
  • cpe:2.3:a:horde:horde:3.0.8
    cpe:2.3:a:horde:horde:3.0.8
  • cpe:2.3:a:horde:horde:3.0.9
    cpe:2.3:a:horde:horde:3.0.9
  • cpe:2.3:a:horde:horde:3.1
    cpe:2.3:a:horde:horde:3.1
  • cpe:2.3:a:horde:horde:3.1.1
    cpe:2.3:a:horde:horde:3.1.1
CVSS
Base: 4.3 (as of 13-07-2006 - 13:39)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family CGI abuses : XSS
    NASL id HORDE_URL_XSS.NASL
    description The version of Horde installed on the remote host fails to validate input to the 'url' parameter of the 'services/go.php' script before using it in dynamically-generated content. An unauthenticated attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser. In addition, similar cross-site scripting issues reportedly exist with the 'module' parameter of the 'services/help/index.php' script and the 'name' parameter of the 'services/problem.php' script.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22004
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22004
    title Horde < 3.0.11 / 3.1.2 Multiple Script XSS
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E94CB43D0C4A11DB90160050BF27BA24.NASL
    description Horde 3.1.2 release announcement : Security Fixes : - Closed XSS problems in dereferrer (IE only), help viewer and problem reporting screen. - Removed unused image proxy code from dereferrer.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 22006
    published 2006-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22006
    title FreeBSD : horde -- various problems in dereferrer (e94cb43d-0c4a-11db-9016-0050bf27ba24)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_HORDE-1868.NASL
    description This update fixes the following two security issues in the Horde Application Framework : - CVE-2006-3548: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a (1) JavaScript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a JavaScript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). - CVE-2006-3549: services/go.php does not properly restrict its image proxy capability, which allows remote attackers to perform 'Web tunneling' attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27265
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27265
    title openSUSE 10 Security Update : horde (horde-1868)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1406.NASL
    description Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3548 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting). This vulnerability applies to oldstable (sarge) only. - CVE-2006-3549 Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy. This vulnerability applies to oldstable (sarge) only. - CVE-2006-4256 Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks. This vulnerability applies to oldstable (sarge) only. - CVE-2007-1473 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting). This vulnerability applies to both stable (etch) and oldstable (sarge). - CVE-2007-1474 iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files. This vulnerability applies to oldstable (sarge) only.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 28151
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28151
    title Debian DSA-1406-1 : horde3 - several vulnerabilities
refmap via4
bid 18845
bugtraq 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
confirm
debian DSA-1406
fulldisc 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
misc http://moritz-naumann.com/adv/0011/hordemulti/0011.txt
sectrack 1016442
secunia
  • 20954
  • 21459
  • 27565
sreason 1229
suse SUSE-SR:2006:019
vupen ADV-2006-2694
xf horde-multiple-functions-xss(27589)
Last major update 07-03-2011 - 21:38
Published 12-07-2006 - 20:05
Last modified 18-10-2018 - 12:47
Back to Top