AI Score: 5.4 Medium (Confidence: High)
CVSS2: 3.5 Low
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 0.003 Low (Percentile: 67.0%)
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
lists.horde.org/archives/announce/2005/000238.html
secunia.com/advisories/17970
secunia.com/advisories/19619
secunia.com/advisories/19897
secunia.com/advisories/20960
www.debian.org/security/2006/dsa-1033
www.novell.com/linux/security/advisories/2006_04_28.html
www.novell.com/linux/security/advisories/2006_16_sr.html
www.sec-consult.com/245.html
www.securityfocus.com/bid/15802
www.securityfocus.com/bid/15803
www.securityfocus.com/bid/15804
www.securityfocus.com/bid/15806
www.securityfocus.com/bid/15808
www.securityfocus.com/bid/15810
www.vupen.com/english/advisories/2005/2835