Back to search
CVE-2007-1473
Published: Mar 16, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20070315 Horde 3.1.4 (RC1) fixes XSS issue
mailing-list
x_refsource_BUGTRAQ
SUSE-SR:2007:007
vendor-advisory
x_refsource_SUSE
24528
third-party-advisory
x_refsource_SECUNIA
24995
third-party-advisory
x_refsource_SECUNIA
27565
third-party-advisory
x_refsource_SECUNIA
horde-login-xss(33013)
vdb-entry
x_refsource_XF
2427
third-party-advisory
x_refsource_SREASON
1017775
vdb-entry
x_refsource_SECTRACK
22984
vdb-entry
x_refsource_BID
33084
vdb-entry
x_refsource_OSVDB
DSA-1406
vendor-advisory
x_refsource_DEBIAN
ADV-2007-0965
vdb-entry
x_refsource_VUPEN
[announce] 20070314 Horde 3.1.4 (final)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now