ID CVE-2006-3548
Summary Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
References
Vulnerable Configurations
  • cpe:2.3:a:horde:horde:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.4_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.4_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde:3.1.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 18845
bugtraq 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
confirm
debian DSA-1406
fulldisc 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
misc http://moritz-naumann.com/adv/0011/hordemulti/0011.txt
sectrack 1016442
secunia
  • 20954
  • 21459
  • 27565
sreason 1229
suse SUSE-SR:2006:019
vupen ADV-2006-2694
xf horde-multiple-functions-xss(27589)
Last major update 18-10-2018 - 16:47
Published 13-07-2006 - 00:05
Last modified 18-10-2018 - 16:47