Lucene search

K
cve[email protected]CVE-2005-4190
HistoryDec 13, 2005 - 11:03 a.m.

CVE-2005-4190

2005-12-1311:03:00
CWE-79
web.nvd.nist.gov
23
horde
xss
vulnerabilities
csrf
remote authenticated users
web security
cve-2005-4190

5.4 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.0%

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, © Mnemo, and (d) Nag.

5.4 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.0%

Related for CVE-2005-4190