6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.6%
FrSIRT advisory ADV-2006-2356 reports:
Multiple vulnerabilities have been identified in Horde
Application Framework, which may be exploited by attackers
to execute arbitrary scripting code. These flaws are due
to input validation errors in the “test.php” and
“templates/problem/problem.inc” scripts that do not
validate the “url”, “name”, “email”, “subject” and
“message” parameters, which could be exploited by
attackers to cause arbitrary scripting code to be executed
by the user’s browser in the security context of an
affected Web site.