Lucene search
Moritz NaumannEDB-ID:29745HistoryMar 15, 2007 - 12:00 a.m.
Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting
2007-03-1500:00:00
Moritz Naumann
www.exploit-db.com
13
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/22984/info
Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
This issue affects versions prior to 3.1.4.
http://www.example.com/horde/[Horde_App]/login.php?new_lang=[xss] Related
cve
cve
CVE-2007-1473
2007-03-16 21:19:00
nessus
nessus
Horde NLS.php Language Selection new_lang Parameter XSS
2007-03-16 00:00:00
SuSE9 Security Update : horde (YOU Patch Number 11488)
2009-09-24 00:00:00
openSUSE 10 Security Update : horde (horde-3089)
2007-10-17 00:00:00
cvelist
cvelist
CVE-2007-1473
2007-03-16 21:00:00
nvd
nvd
CVE-2007-1473
2007-03-16 21:19:00
prion
prion
Cross site scripting
2007-03-16 21:19:00
openvas
openvas
SLES9: Security update for horde
2009-10-10 00:00:00
SLES9: Security update for horde
2009-10-10 00:00:00
Debian Security Advisory DSA 1406-1 (horde3)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2007-1473
2007-03-16 00:00:00
osv
osv
horde3 - several vulnerabilities
2007-11-09 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 1406-1] New horde3 packages fix several vulnerabilities
2007-11-09 22:47:35