Cross site scripting

2009-04-2317:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.

CPENameOperatorVersion
turba_h3eq0.0.2
turba_h3eq2.0 beta
turba_h3eq2.0.2
turba_h3eq2.2 rc3
turba_h3eq2.0 rc3
turba_h3eq1.2.5
turba_h3eq2.0.1 rc1
turba_h3eq2.0 rc2
turba_h3eq1.2.2
turba_h3eq2.0.1

Name	Operator	Version
turba_h3	eq	0.0.2
turba_h3	eq	2.0 beta
turba_h3	eq	2.0.2
turba_h3	eq	2.2 rc3
turba_h3	eq	2.0 rc3
turba_h3	eq	1.2.5
turba_h3	eq	2.0.1 rc1
turba_h3	eq	2.0 rc2
turba_h3	eq	1.2.2
turba_h3	eq	2.0.1

Rows per page:

1-10 of 401

References

cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h

lists.horde.org/archives/announce/2008/000414.html

secunia.com/advisories/30704

www.securityfocus.com/bid/29743

exchange.xforce.ibmcloud.com/vulnerabilities/43098