Lucene search

[email protected]CVE-2008-6746

HistoryApr 23, 2009 - 5:30 p.m.

CVE-2008-6746

2009-04-2317:30:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6746

cross-site scripting

xss

turba contact manager

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.

Affected configurations

NVD

Node

hordeturba_h3Range≤2.2

hordeturba_h3Match0.0.1

hordeturba_h3Match0.0.2

hordeturba_h3Match0.0.3

hordeturba_h3Match1.0

hordeturba_h3Match1.0rc4

hordeturba_h3Match1.1

hordeturba_h3Match1.2

hordeturba_h3Match1.2.1

hordeturba_h3Match1.2.2

hordeturba_h3Match1.2.3

hordeturba_h3Match1.2.4

hordeturba_h3Match1.2.5

hordeturba_h3Match2.0

hordeturba_h3Match2.0alpha

hordeturba_h3Match2.0beta

hordeturba_h3Match2.0rc1

hordeturba_h3Match2.0rc2

hordeturba_h3Match2.0rc3

hordeturba_h3Match2.0.1

hordeturba_h3Match2.0.1rc1

hordeturba_h3Match2.0.2

hordeturba_h3Match2.0.3

hordeturba_h3Match2.0.3rc1

hordeturba_h3Match2.0.4

hordeturba_h3Match2.0.5

hordeturba_h3Match2.1

hordeturba_h3Match2.1rc1

hordeturba_h3Match2.1.1

hordeturba_h3Match2.1.2

hordeturba_h3Match2.1.3

hordeturba_h3Match2.1.4

hordeturba_h3Match2.1.5

hordeturba_h3Match2.1.6

hordeturba_h3Match2.1.7

hordeturba_h3Match2.2alpha

hordeturba_h3Match2.2rc1

hordeturba_h3Match2.2rc2

hordeturba_h3Match2.2rc3

hordeturba_h3Match2.2rc4

CPENameOperatorVersion
horde:turba_h3horde turba h3le2.2
horde:turba_h3horde turba h3eq0.0.1
horde:turba_h3horde turba h3eq0.0.2
horde:turba_h3horde turba h3eq0.0.3
horde:turba_h3horde turba h3eq1.0
horde:turba_h3horde turba h3eq1.1
horde:turba_h3horde turba h3eq1.2
horde:turba_h3horde turba h3eq1.2.1
horde:turba_h3horde turba h3eq1.2.2
horde:turba_h3horde turba h3eq1.2.3

CPE	Name	Operator	Version
horde:turba_h3	horde turba h3	le	2.2
horde:turba_h3	horde turba h3	eq	0.0.1
horde:turba_h3	horde turba h3	eq	0.0.2
horde:turba_h3	horde turba h3	eq	0.0.3
horde:turba_h3	horde turba h3	eq	1.0
horde:turba_h3	horde turba h3	eq	1.1
horde:turba_h3	horde turba h3	eq	1.2
horde:turba_h3	horde turba h3	eq	1.2.1
horde:turba_h3	horde turba h3	eq	1.2.2
horde:turba_h3	horde turba h3	eq	1.2.3

Rows per page:

1-10 of 261

References

cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h

lists.horde.org/archives/announce/2008/000414.html

secunia.com/advisories/30704

www.securityfocus.com/bid/29743

exchange.xforce.ibmcloud.com/vulnerabilities/43098

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2008-6746

nvd1 cvelist1 prion1