- Home
- CVEs with nessus.description==Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2006-3548 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).
This vulnerability applies to oldstable (sarge) only.
- CVE-2006-3549 Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy.
This vulnerability applies to oldstable (sarge) only.
- CVE-2006-4256 Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks.
This vulnerability applies to oldstable (sarge) only.
- CVE-2007-1473 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).
This vulnerability applies to both stable (etch) and oldstable (sarge).
- CVE-2007-1474 iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.
This vulnerability applies to oldstable (sarge) only.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top