ID CVE-2007-1473
Summary Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
Vulnerable Configurations
  • cpe:2.3:a:horde:horde_application_framework:1.2.0
  • cpe:2.3:a:horde:horde_application_framework:1.2.1
  • cpe:2.3:a:horde:horde_application_framework:1.2.2
  • cpe:2.3:a:horde:horde_application_framework:1.2.3
  • cpe:2.3:a:horde:horde_application_framework:1.2.4
  • cpe:2.3:a:horde:horde_application_framework:1.2.5
  • cpe:2.3:a:horde:horde_application_framework:1.2.6
  • cpe:2.3:a:horde:horde_application_framework:1.2.7
  • cpe:2.3:a:horde:horde_application_framework:1.2.8
  • Horde Application Framework 1.3.3
    cpe:2.3:a:horde:horde_application_framework:1.3.3
  • Horde Application Framework 1.3.4
    cpe:2.3:a:horde:horde_application_framework:1.3.4
  • Horde Application Framework 2.0
    cpe:2.3:a:horde:horde_application_framework:2.0
  • Horde Application Framework 2.1
    cpe:2.3:a:horde:horde_application_framework:2.1
  • Horde Application Framework 2.2
    cpe:2.3:a:horde:horde_application_framework:2.2
  • Horde Application Framework 2.2.1
    cpe:2.3:a:horde:horde_application_framework:2.2.1
  • Horde Application Framework 2.2.3
    cpe:2.3:a:horde:horde_application_framework:2.2.3
  • Horde Application Framework 2.2.4
    cpe:2.3:a:horde:horde_application_framework:2.2.4
  • Horde Application Framework 2.2.5
    cpe:2.3:a:horde:horde_application_framework:2.2.5
  • Horde Application Framework 2.2.6
    cpe:2.3:a:horde:horde_application_framework:2.2.6
  • Horde Application Framework 2.2.7
    cpe:2.3:a:horde:horde_application_framework:2.2.7
  • Horde Application Framework 2.2.8
    cpe:2.3:a:horde:horde_application_framework:2.2.8
  • Horde Application Framework 2.2.9
    cpe:2.3:a:horde:horde_application_framework:2.2.9
  • cpe:2.3:a:horde:horde_application_framework:3.0.0
  • Horde Application Framework 3.0.1
    cpe:2.3:a:horde:horde_application_framework:3.0.1
  • Horde Application Framework 3.0.2
    cpe:2.3:a:horde:horde_application_framework:3.0.2
  • Horde Application Framework 3.0.3
    cpe:2.3:a:horde:horde_application_framework:3.0.3
  • Horde Application Framework 3.0.4
    cpe:2.3:a:horde:horde_application_framework:3.0.4
  • Horde Application Framework 3.0.5
    cpe:2.3:a:horde:horde_application_framework:3.0.5
  • Horde Application Framework 3.0.6
    cpe:2.3:a:horde:horde_application_framework:3.0.6
  • Horde Application Framework 3.0.7
    cpe:2.3:a:horde:horde_application_framework:3.0.7
  • Horde Application Framework 3.0.8
    cpe:2.3:a:horde:horde_application_framework:3.0.8
  • Horde Application Framework 3.0.9
    cpe:2.3:a:horde:horde_application_framework:3.0.9
  • Horde Application Framework 3.0.10
    cpe:2.3:a:horde:horde_application_framework:3.0.10
  • cpe:2.3:a:horde:horde_application_framework:3.1.0
  • Horde Application Framework 3.1.1
    cpe:2.3:a:horde:horde_application_framework:3.1.1
  • Horde Application Framework 3.1.2
    cpe:2.3:a:horde:horde_application_framework:3.1.2
  • Horde Application Framework 3.1.3
    cpe:2.3:a:horde:horde_application_framework:3.1.3
CVSS
Base: 4.3 (as of 19-03-2007 - 10:14)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
exploit-db via4
description Horde Framework 3.1.3 Login.PHP Cross-Site Scripting Vulnerability. CVE-2007-1473 . Webapps exploit for php platform
id EDB-ID:29745
last seen 2016-02-03
modified 2007-03-15
published 2007-03-15
reporter Moritz Naumann
source https://www.exploit-db.com/download/29745/
title Horde Framework <= 3.1.3 Login.PHP Cross-Site Scripting Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_HORDE-3089.NASL
    description This update fixes a cross site scripting bug (XSS) in horde (CVE-2007-1473).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27266
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27266
    title openSUSE 10 Security Update : horde (horde-3089)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11488.NASL
    description This update fixes a cross-site scripting bug (XSS) in horde. (CVE-2007-1473)
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 41123
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41123
    title SuSE9 Security Update : horde (YOU Patch Number 11488)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1406.NASL
    description Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2006-3548 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting). This vulnerability applies to oldstable (sarge) only.
      - CVE-2006-3549 Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy. This vulnerability applies to oldstable (sarge) only.
      - CVE-2006-4256 Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks. This vulnerability applies to oldstable (sarge) only.
      - CVE-2007-1473 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting). This vulnerability applies to both stable (etch) and oldstable (sarge).
      - CVE-2007-1474 iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files. This vulnerability applies to oldstable (sarge) only.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 28151
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28151
    title Debian DSA-1406-1 : horde3 - several vulnerabilities
  • NASL family CGI abuses : XSS
    NASL id HORDE_NEW_LANG_XSS.NASL
    description The version of Horde installed on the remote host fails to sanitize input to the 'new_lang' parameter before using it in the 'framework/NLS/NLS.php' script to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24817
    published 2007-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24817
    title Horde NLS.php Language Selection new_lang Parameter XSS
refmap via4
bid 22984
bugtraq 20070315 Horde 3.1.4 (RC1) fixes XSS issue
debian DSA-1406
mlist [announce] 20070314 Horde 3.1.4 (final)
osvdb 33084
sectrack 1017775
secunia
  • 24528
  • 24995
  • 27565
sreason 2427
suse SUSE-SR:2007:007
vupen ADV-2007-0965
xf horde-login-xss(33013)
Last major update 07-03-2011 - 21:52
Published 16-03-2007 - 17:19
Last modified 16-10-2018 - 12:38