Lucene search

[email protected]CVE-2008-5917

HistoryJan 21, 2009 - 2:30 a.m.

CVE-2008-5917

2009-01-2102:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-5917

xss

web security

remote code injection

horde application framework

internet explorer

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.

Affected configurations

NVD

Node

hordeapplication_frameworkMatch3.2.2

hordeapplication_frameworkMatch3.3

AND

microsoftinternet_explorer

CPENameOperatorVersion
horde:application_frameworkhorde application frameworkeq3.2.2
horde:application_frameworkhorde application frameworkeq3.3

CPE	Name	Operator	Version
horde:application_framework	horde application framework	eq	3.2.2
horde:application_framework	horde application framework	eq	3.3

References

cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18

lists.horde.org/archives/announce/2008/000462.html

lists.horde.org/archives/announce/2008/000464.html

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

secunia.com/advisories/34418

secunia.com/advisories/34609

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2008-5917

openvas12 ubuntucve1 prion1 cvelist1 redhatcve1 nvd1 nessus7 debian2 securityvulns1 osv1 gentoo1 fedora3