CVE-2006-4256 (GCVE-0-2006-4256)
Vulnerability from cvelistv5
Published
2006-08-21 20:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4256",
"datePublished": "2006-08-21T20:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2006-4256\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-08-21T20:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \\\"cross-site referencing.\\\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.\"},{\"lang\":\"es\",\"value\":\"index.php en Horde Application Framework anerior a 3.1.2 permite a atacantes remotos incluir p\u00e1ginas web de otros sitios, lo que podr\u00eda ser \u00fatil para ataques de phishing, mediante una URL en el par\u00e1metro url, tambi\u00e9n conocido como \\\"referencia en sitios cruzados\\\" (cross-site referencing). NOTA: algunas fuetnes se han referido a este problema como XSS, pero es diferente del cl\u00e1sico XSS.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEC8BBFC-263E-4735-847D-5544D18922E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DB1F389-5D64-4B8C-B207-7D23F0C12DBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE8892DF-11F2-4991-97E8-D561DEAC4F5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B46B6F5-055E-44EB-BB78-503811C0E57C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B197B0-F3B7-40D6-9872-C1A94622C242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.4_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAEAAF02-1B61-421A-887C-107B7234262B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.4_rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01557585-CE92-49FB-B9BB-AAAE7D355BE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2698E2D7-09BF-4490-B362-4245CD3087D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B40A46-117D-4D85-8CC8-27236A3280C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEFBECFF-D1A4-465D-B59F-E70246DE4BE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57ABD1BD-6676-4B54-9F3E-FACF1346794F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79EC6167-5D16-4236-8EBC-412EE1784802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:application_framework:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A4F6A2A-05B6-42EA-8F61-D0AB610A6757\"}]}]}],\"references\":[{\"url\":\"http://lists.horde.org/archives/announce/2006/000292.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21500\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27565\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/1422\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016713\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1406\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/443360/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3309\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28411\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.horde.org/archives/announce/2006/000292.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/1422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/443360/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…