Vulnerability Name:

CVE-2005-1313 (CCN-20235)

Assigned: 2005-04-25
Published: 2005-04-25
Updated: 2008-09-05
Summary: Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2005-1313

Source: MITRE
Type: CNA
CVE-2005-1314

Source: MITRE
Type: CNA
CVE-2005-1315

Source: MITRE
Type: CNA
CVE-2005-1316

Source: MITRE
Type: CNA
CVE-2005-1317

Source: MITRE
Type: CNA
CVE-2005-1318

Source: MITRE
Type: CNA
CVE-2005-1319

Source: MITRE
Type: CNA
CVE-2005-1320

Source: MITRE
Type: CNA
CVE-2005-1321

Source: MITRE
Type: CNA
CVE-2005-1322

Source: CCN
Type: Horde CVS Repository Web page
Version Control :: Horde CVS Repository

Source: CCN
Type: Source Directory of /accounts Web page
Version Control :: Source Directory of /accounts

Source: CCN
Type: Source Directory of /chora Web page
Version Control :: Source Directory of /chora

Source: CCN
Type: Source Directory of /forwards Web page
Version Control :: Source Directory of /forwards

Source: CCN
Type: Source Directory of /nag Web page
Version Control :: Source Directory of /nag

Source: CONFIRM
Type: UNKNOWN
http://cvs.horde.org/diff.php/passwd/docs/CHANGES?r1=1.1.1.1.2.28&r2=1.1.1.1.2.33&ty=h

Source: MLIST
Type: Patch
[sork] 20050422 Passwd 2.2.2 (final)

Source: CCN
Type: SA15073
Vacation Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA15074
Turba Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA15075
Passwd Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: Patch
15075

Source: CCN
Type: SA15078
Mnemo Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA15079
Nag Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA15080
Kronolith Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA15081
Accounts Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA15082
Forwards Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA15083
Chora Parent Frame Page Title Cross-Site Scripting Vulnerability

Source: CCN
Type: SA17968
Turba Script Insertion Vulnerabilities

Source: CCN
Type: IMP Download Web page
IMP download

Source: CCN
Type: IMP Web page
IMP Webmail Client

Source: CCN
Type: Kronolith Calendar Application Web page
Kronolith Calendar Application

Source: CCN
Type: Kronolith Download Web page
Kronolith Download

Source: CCN
Type: Mnemo Download Web page
Mnemo Download

Source: CCN
Type: Mnemo Web page
Mnemo Development News

Source: CCN
Type: Horde Web site
Horde CVS Modules

Source: CCN
Type: Turba Download Web page
Turba Download

Source: CCN
Type: Turba Web page
Turba Contact Manager

Source: CCN
Type: Vacation Download Web page
Vacation Download

Source: CCN
Type: Vacation Web page
Vacation

Source: CCN
Type: OSVDB ID: 15762
Horde Accounts Module Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15763
Horde Multiple Module Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15764
Horde Turba Contact Manager common-footer.inc Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15765
Horde Passwd Module Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15766
Horde Mnemo Application Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15767
Horde Nag Application Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15768
Horde Chora Tool Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15769
Horde Forwards Module Parent Frame Page Title XSS

Source: CCN
Type: OSVDB ID: 15797
Horde Vacation Module Parent Frame Page Title XSS

Source: CCN
Type: BID-13360
Horde Vacation Remote Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-13362
Horde MNemo Remote Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-13363
Horde Nag Remote Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-13364
Horde Chora Remote Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-13365
Horde Accounts Module Remote Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-13366
Horde Forward Module Remote Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
multiple-page-title-xss(20235)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:horde:passwd:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:horde:passwd:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:passwd:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:passwd:2.2.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:horde:imp:3.2.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    horde passwd 2.0
    horde passwd 2.1
    horde passwd 2.2
    horde passwd 2.2.1
    horde imp 3.2.7
    gentoo linux *