Vulnerability Name: | CVE-2004-2741 (CCN-17881) | ||||||||
Assigned: | 2004-10-27 | ||||||||
Published: | 2004-10-27 | ||||||||
Updated: | 2017-07-29 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | ||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-2741 Source: CONFIRM Type: UNKNOWN http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u Source: CCN Type: Horde Announce Mailing List, Tue Oct 26 04:53:03 PDT 2004 Horde 2.2.7 (final) Source: MLIST Type: Patch [horde-announce] 20041026 Horde 2.2.7 (final) Source: CCN Type: SA12992 Horde "Help Window" Cross-Site Scripting Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 12992 Source: CCN Type: SECTRACK ID: 1011959 Horde Application Framework Input Validation Bug in Help Window Lets Remote Users Conduct Cross-Site Scripting Source: SECTRACK Type: UNKNOWN 1011959 Source: OSVDB Type: UNKNOWN 11164 Source: CCN Type: OSVDB ID: 11164 Horde Application Framework Help Window Multiple Parameter XSS Source: BID Type: UNKNOWN 11546 Source: CCN Type: BID-11546 Horde Application Framework Help Window Unspecified Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN horde-help-window-xss(17881) Source: XF Type: UNKNOWN horde-help-window-xss(17881) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |