Detections
Analytics

CVE-2005-4190

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.

References

http://www.vupen.com/english/advisories/2005/2835

http://www.securityfocus.com/bid/15810

http://www.securityfocus.com/bid/15808

http://www.securityfocus.com/bid/15806

http://www.securityfocus.com/bid/15804

http://www.securityfocus.com/bid/15803

http://www.securityfocus.com/bid/15802

http://www.sec-consult.com/245.html

http://www.novell.com/linux/security/advisories/2006_16_sr.html

http://www.novell.com/linux/security/advisories/2006_04_28.html

http://www.debian.org/security/2006/dsa-1033

http://secunia.com/advisories/20960

http://secunia.com/advisories/19897

http://secunia.com/advisories/19619

http://secunia.com/advisories/17970

http://lists.horde.org/archives/announce/2005/000238.html

Details

Source: Mitre, NVD

Published: 2005-12-13

Updated: 2011-09-13

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium