CVE-2010-3077

Cross-site scripting XSS vulnerability in util/iconbrowser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter...

CVE-2010-3077

The CVE-2010-3077 issue is a cross-site scripting (XSS) vulnerability in Horde Application Framework (util/icon_browser.php) before version 3.3.9 that allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. Affected product: Horde/Horde3 web framework (before 3.3....

XSS in Horde Application Framework <=3.3.8, icon_browser.php

Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting XSS vulnerability. The iconbrowser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL can...

Horde Application Framework 3.3.8 Cross Site Scripting

Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting XSS vulnerability. The iconbrowser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL can...

Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability

Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacke...

horde-base -- XSS and CSRF vulnerabilities

The Horde team reports: Thanks to Naumann IT Security Consulting for reporting the XSS vulnerability. Thanks to Secunia for releasing an advisory for the new CSRF protection in the preference interface The major changes compared to Horde version 3.3.8 are: Fixed XSS vulnerability in...