Lucene search

K
cve[email protected]CVE-2008-5917
HistoryJan 21, 2009 - 2:30 a.m.

CVE-2008-5917

2009-01-2102:30:00
CWE-79
web.nvd.nist.gov
63
cve-2008-5917
xss
web security
remote code injection
horde application framework
internet explorer

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.0%

Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.

Affected configurations

NVD
Node
hordeapplication_frameworkMatch3.2.2
OR
hordeapplication_frameworkMatch3.3
AND
microsoftinternet_explorer

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.0%