CVE-2008-6746

2009-04-2317:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.

References

cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h

lists.horde.org/archives/announce/2008/000414.html

secunia.com/advisories/30704

www.securityfocus.com/bid/29743

exchange.xforce.ibmcloud.com/vulnerabilities/43098