QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3548

Published: Jul 13, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues

mailing-list

x_refsource_FULLDISC

horde-multiple-functions-xss(27589)

vdb-entry

x_refsource_XF

http://lists.horde.org/archives/announce/2006/000287.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2006:019

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

http://lists.horde.org/archives/announce/2006/000288.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SREASON

http://moritz-naumann.com/adv/0011/hordemulti/0011.txt

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.