453 matches found
CVE-2005-4190
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and ...
GLSA-200511-20 : Horde Application Framework: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200511-20 (Horde Application Framework: XSS vulnerability). The Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages which may lead to displaying unsanitized error messages via...
Horde Application Framework: XSS vulnerability
Background: The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description: The Horde Team reported a potential XSS vulnerability. Horde fails...
CVE-2004-1081
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session...
[SA14730] Horde Page Title Cross-Site Scripting Vulnerability
TITLE: Horde Page Title Cross-Site Scripting Vulnerability...
CVE-2004-2741
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters...
Horde Application Framework Help Window Multiple Parameter XSS
The target is running at least one instance of Horde in which the help subsystem is vulnerable to a cross-site scripting attack since information passed to the help window is not properly sanitized. This script was written by George A. Theall. See the Nessus Scripts License...
Horde Software Detection
The remote host is running Horde, a PHP-based application framework from The Horde Project. This script was written by George A. Theall. See the Nessus Scripts License for details. include("compat.inc"); if (description) { script_id(15604); script_version("1.24");...
[SA12992] Horde "Help Window" Cross-Site Scripting Vulnerability
TITLE: Horde "Help Window" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA12992 VERIFY ADVISORY: http://secunia.com/advisories/12992/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Horde Application Framework 2.x http://secunia.com/product/2016/...
Horde test.php Direct Request Information Disclosure
The remote server is running Horde or a related project along with one or more test scripts. These scripts may leak server-side information that is valuable to an attacker. This script was written by Sverre H. Huseby. See the Nessus Scripts License for details. Changes by Tenabl...
Imp Webmail session hijacking vulnerability
It's possible to hijack an imp/horde session using a cross-site scripting attack, quite similar to the one explored by Marc Slemko in his "Microsoft Passport to Trouble" paper. - After hijacking the cookies, the attacker can use the session and read the victim's mail. - Imp...