Lucene search

[email protected]CVE-2010-3077

HistoryNov 09, 2010 - 9:00 p.m.

CVE-2010-3077

2010-11-0921:00:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-3077

cross-site scripting

xss

vulnerability

util/icon_browser.php

horde application framework

web script

html

subdir parameter

nvd

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.4%

JSON

Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.

Affected configurations

NVD

Node

hordehorde_application_frameworkRange≤3.3.8

hordehorde_application_frameworkMatch1.0.3

hordehorde_application_frameworkMatch1.1.1

hordehorde_application_frameworkMatch1.3.0

hordehorde_application_frameworkMatch1.3.1

hordehorde_application_frameworkMatch1.3.2

hordehorde_application_frameworkMatch1.3.3

hordehorde_application_frameworkMatch1.3.4

hordehorde_application_frameworkMatch1.3.5

hordehorde_application_frameworkMatch2.0

hordehorde_application_frameworkMatch2.0rc1

hordehorde_application_frameworkMatch2.0rc3

hordehorde_application_frameworkMatch2.0rc4

hordehorde_application_frameworkMatch2.1

hordehorde_application_frameworkMatch2.2

hordehorde_application_frameworkMatch2.2.1

hordehorde_application_frameworkMatch2.2.2

hordehorde_application_frameworkMatch2.2.3

hordehorde_application_frameworkMatch2.2.4

hordehorde_application_frameworkMatch2.2.5

hordehorde_application_frameworkMatch2.2.6

hordehorde_application_frameworkMatch2.2.6rc1

hordehorde_application_frameworkMatch2.2.7

hordehorde_application_frameworkMatch2.2.8

hordehorde_application_frameworkMatch2.2.9

hordehorde_application_frameworkMatch3.0

hordehorde_application_frameworkMatch3.0alpha

hordehorde_application_frameworkMatch3.0beta

hordehorde_application_frameworkMatch3.0rc1

hordehorde_application_frameworkMatch3.0rc2

hordehorde_application_frameworkMatch3.0rc3

hordehorde_application_frameworkMatch3.0.1

hordehorde_application_frameworkMatch3.0.2

hordehorde_application_frameworkMatch3.0.3

hordehorde_application_frameworkMatch3.0.3rc1

hordehorde_application_frameworkMatch3.0.4

hordehorde_application_frameworkMatch3.0.4rc1

hordehorde_application_frameworkMatch3.0.4rc2

hordehorde_application_frameworkMatch3.0.5

hordehorde_application_frameworkMatch3.0.5rc1

hordehorde_application_frameworkMatch3.0.5rc2

hordehorde_application_frameworkMatch3.0.6

hordehorde_application_frameworkMatch3.0.6rc1

hordehorde_application_frameworkMatch3.0.7

hordehorde_application_frameworkMatch3.0.8

hordehorde_application_frameworkMatch3.0.9

hordehorde_application_frameworkMatch3.0.10

hordehorde_application_frameworkMatch3.0.11

hordehorde_application_frameworkMatch3.0.12

hordehorde_application_frameworkMatch3.1

hordehorde_application_frameworkMatch3.1rc1

hordehorde_application_frameworkMatch3.1rc2

hordehorde_application_frameworkMatch3.1rc3

hordehorde_application_frameworkMatch3.1.1

hordehorde_application_frameworkMatch3.1.2

hordehorde_application_frameworkMatch3.1.3

hordehorde_application_frameworkMatch3.1.4

hordehorde_application_frameworkMatch3.1.4rc1

hordehorde_application_frameworkMatch3.1.5

hordehorde_application_frameworkMatch3.1.6

hordehorde_application_frameworkMatch3.1.7

hordehorde_application_frameworkMatch3.1.8

hordehorde_application_frameworkMatch3.1.9

hordehorde_application_frameworkMatch3.2

hordehorde_application_frameworkMatch3.2alpha

hordehorde_application_frameworkMatch3.2rc1

hordehorde_application_frameworkMatch3.2rc2

hordehorde_application_frameworkMatch3.2rc3

hordehorde_application_frameworkMatch3.2rc4

hordehorde_application_frameworkMatch3.2.1

hordehorde_application_frameworkMatch3.2.2

hordehorde_application_frameworkMatch3.2.3

hordehorde_application_frameworkMatch3.2.4

hordehorde_application_frameworkMatch3.2.5

hordehorde_application_frameworkMatch3.3

hordehorde_application_frameworkMatch3.3rc1

hordehorde_application_frameworkMatch3.3.1

hordehorde_application_frameworkMatch3.3.2

hordehorde_application_frameworkMatch3.3.3

hordehorde_application_frameworkMatch3.3.4

hordehorde_application_frameworkMatch3.3.4rc1

hordehorde_application_frameworkMatch3.3.5

hordehorde_application_frameworkMatch3.3.6

hordehorde_application_frameworkMatch3.3.7

CPENameOperatorVersion
horde:horde_application_frameworkhorde horde application frameworkle3.3.8
horde:horde_application_frameworkhorde horde application frameworkeq1.0.3
horde:horde_application_frameworkhorde horde application frameworkeq1.1.1
horde:horde_application_frameworkhorde horde application frameworkeq1.3.0
horde:horde_application_frameworkhorde horde application frameworkeq1.3.1
horde:horde_application_frameworkhorde horde application frameworkeq1.3.2
horde:horde_application_frameworkhorde horde application frameworkeq1.3.3
horde:horde_application_frameworkhorde horde application frameworkeq1.3.4
horde:horde_application_frameworkhorde horde application frameworkeq1.3.5
horde:horde_application_frameworkhorde horde application frameworkeq2.0

CPE	Name	Operator	Version
horde:horde_application_framework	horde horde application framework	le	3.3.8
horde:horde_application_framework	horde horde application framework	eq	1.0.3
horde:horde_application_framework	horde horde application framework	eq	1.1.1
horde:horde_application_framework	horde horde application framework	eq	1.3.0
horde:horde_application_framework	horde horde application framework	eq	1.3.1
horde:horde_application_framework	horde horde application framework	eq	1.3.2
horde:horde_application_framework	horde horde application framework	eq	1.3.3
horde:horde_application_framework	horde horde application framework	eq	1.3.4
horde:horde_application_framework	horde horde application framework	eq	1.3.5
horde:horde_application_framework	horde horde application framework	eq	2.0

Rows per page:

1-10 of 581

References

git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9

lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html

lists.horde.org/archives/announce/2010/000557.html

seclists.org/fulldisclosure/2010/Sep/82

secunia.com/advisories/42140

bugzilla.redhat.com/show_bug.cgi?id=630687