CVE-2007-1473

🗓️ 16 Mar 2007 21:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 62 Views🌐 WEB

Cross-site scripting vulnerability in Horde Framework allows remote attackers to inject arbitrary web script or HTML

Reporter	Title	Published	Views	Family All 18
Tenable Nessus	Horde < 3.1.4 NLS.php new_lang Parameter XSS	15 Mar 200700:00	–	nessus
Tenable Nessus	Debian DSA-1406-1 : horde3 - several vulnerabilities	12 Nov 200700:00	–	nessus
Tenable Nessus	Horde NLS.php Language Selection new_lang Parameter XSS	16 Mar 200700:00	–	nessus
Tenable Nessus	SuSE9 Security Update : horde (YOU Patch Number 11488)	24 Sep 200900:00	–	nessus
Tenable Nessus	openSUSE 10 Security Update : horde (horde-3089)	17 Oct 200700:00	–	nessus
Cvelist	CVE-2007-1473	16 Mar 200721:00	–	cvelist
Debian	[SECURITY] [DSA 1406-1] New horde3 packages fix several vulnerabilities	9 Nov 200722:47	–	debian
EUVD	EUVD-2007-1467	7 Oct 202500:30	–	euvd
NVD	CVE-2007-1473	16 Mar 200721:19	–	nvd
OpenVAS	Debian: Security Advisory (DSA-1406-1)	17 Jan 200800:00	–	openvas

NVD

Node

horde horde_application_frameworkMatch1.2.0

OR

horde horde_application_frameworkMatch1.2.1

OR

horde horde_application_frameworkMatch1.2.2

OR

horde horde_application_frameworkMatch1.2.3

OR

horde horde_application_frameworkMatch1.2.4

OR

horde horde_application_frameworkMatch1.2.5

OR

horde horde_application_frameworkMatch1.2.6

OR

horde horde_application_frameworkMatch1.2.7

OR

horde horde_application_frameworkMatch1.2.8

OR

horde horde_application_frameworkMatch1.3.3

OR

horde horde_application_frameworkMatch1.3.4

OR

horde horde_application_frameworkMatch2.0

OR

horde horde_application_frameworkMatch2.1

OR

horde horde_application_frameworkMatch2.2

OR

horde horde_application_frameworkMatch2.2.1

OR

horde horde_application_frameworkMatch2.2.3

OR

horde horde_application_frameworkMatch2.2.4

OR

horde horde_application_frameworkMatch2.2.5

OR

horde horde_application_frameworkMatch2.2.6

OR

horde horde_application_frameworkMatch2.2.7

OR

horde horde_application_frameworkMatch2.2.8

OR

horde horde_application_frameworkMatch2.2.9

OR

horde horde_application_frameworkMatch3.0.0

OR

horde horde_application_frameworkMatch3.0.1

OR

horde horde_application_frameworkMatch3.0.2

OR

horde horde_application_frameworkMatch3.0.3

OR

horde horde_application_frameworkMatch3.0.4

OR

horde horde_application_frameworkMatch3.0.5

OR

horde horde_application_frameworkMatch3.0.6

OR

horde horde_application_frameworkMatch3.0.7

OR

horde horde_application_frameworkMatch3.0.8

OR

horde horde_application_frameworkMatch3.0.9

OR

horde horde_application_frameworkMatch3.0.10

OR

horde horde_application_frameworkMatch3.1.0

OR

horde horde_application_frameworkMatch3.1.1

OR

horde horde_application_frameworkMatch3.1.2

OR

horde horde_application_frameworkMatch3.1.3

Source	Link
osvdb	www.osvdb.org/33084
secunia	www.secunia.com/advisories/24528
novell	www.novell.com/linux/security/advisories/2007_007_suse.html
lists	www.lists.horde.org/archives/announce/2007/000315.html
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/33013
vupen	www.vupen.com/english/advisories/2007/0965
secunia	www.secunia.com/advisories/27565
secunia	www.secunia.com/advisories/24995
securityfocus	www.securityfocus.com/archive/1/462915/100/0/threaded
securityreason	www.securityreason.com/securityalert/2427

Parameter	Position	Path	Description	CWE
new_lang	query param	login.php	XSS vulnerability in login.php via new_lang parameter allows injecting arbitrary script/HTML when language selection is used.	CWE-79

23 Apr 2026 00:35Current

5.3Medium risk

Vulners AI Score5.3

CVSS 24.3

EPSS0.02851

xss cross-site scripting cve-2007-1473 nvd security vulnerability horde framework web security