Horde Application Framework Help Window Multiple Parameter XSS

Medium severity, Nessus Plugin ID 15605

Synopsis

The remote web server is hosting a PHP application that is affected by a cross-site scripting vulnerability.

Description

The target is running at least one instance of Horde whose help subsystem is vulnerable to a cross-site scripting attack because information passed to the help window is not properly sanitized.

Solution

Upgrade to Horde version 2.2.7 or later.

See Also

https://lists.horde.org/archives/announce/2004/000107.html

Plugin Details

Severity: Medium

ID: 15605

File Name: horde_help_xss.nasl

Version: 1.23

Type: remote

Published: 11/2/2004

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:horde:horde_application_framework

Required KB Items: www/horde

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 10/27/2004

Reference Information

CVE: CVE-2004-2741

BID: 11546

CWE: 79