2 matches found
CVE-2010-3447
The CVE-2010-3447 entry describes a cross-site scripting (XSS) vulnerability in Horde Gollem’s file viewer. Specifically, view.php in the viewer accepts a file parameter in a view_file action, allowing remote attackers to inject arbitrary web script or HTML. Affected software is Horde Gollem up t...
CVE-2010-3447
Cross-site scripting XSS vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a viewfile action...