Lucene search
Moritz NaumannEDB-ID:34605HistorySep 06, 2010 - 12:00 a.m.
Horde Application Framework 3.3.8 - 'icon_browser.php' Cross-Site Scripting
2010-09-0600:00:00
Moritz Naumann
www.exploit-db.com
15
source: https://www.securityfocus.com/bid/43001/info
Horde Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions prior to and including Horde 3.3.8.
Note that additional products that use the Horde framework may also be vulnerable.
http://www.example.com/util/icon_browser.php?subdir=[xss]&app=horde Related
prion
prion
Cross site scripting
2010-11-09 21:00:00
cve
cve
CVE-2010-3077
2010-11-09 21:00:04
cvelist
cvelist
CVE-2010-3077
2010-11-09 20:00:00
ubuntucve
ubuntucve
CVE-2010-3077
2010-11-09 00:00:00
nvd
nvd
CVE-2010-3077
2010-11-09 21:00:04
nessus
nessus
Horde util/icon_browser.php subdir Parameter XSS
2010-09-07 00:00:00
Fedora 13 : horde-3.3.9-1.fc13 (2010-16555)
2010-11-07 00:00:00
Fedora 14 : horde-3.3.9-1.fc14 (2010-16525)
2010-11-07 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: horde-3.3.9-1.fc12
2010-11-05 04:44:52
[SECURITY] Fedora 14 Update: horde-3.3.9-1.fc14
2010-11-05 22:59:15
[SECURITY] Fedora 13 Update: horde-3.3.9-1.fc13
2010-11-05 22:54:23
osv
osv
horde3 - several
2011-07-16 00:00:00
openvas
openvas
Fedora Update for horde FEDORA-2010-16555
2010-11-16 00:00:00
Debian Security Advisory DSA 2278-1 (horde3)
2011-08-03 00:00:00
Fedora Update for horde FEDORA-2010-16525
2010-12-02 00:00:00
debian
debian
[SECURITY] [DSA 2278-1] horde3 security update
2011-07-16 03:37:31