Vulnerability Name: | CVE-2005-3759 (CCN-23205)
Assigned: | 2005-11-22
Published: | 2005-11-22
Updated: | 2018-10-19
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Vulnerability Type: | CWE-79
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: BugTraq Mailing List, Tue Nov 22 2005 - 11:50:44 CS Horde MIME Viewer vulnerability
Source: MITRE Type: CNA CVE-2005-3759
Source: CCN Type: Horde Announce Mailing List, Tue Nov 22 09:09:39 PST 2005 Horde 3.0.7 (final)
Source: MLIST Type: Patch [horde-announce] 20051122 Horde 3.0.7 (final)
Source: SECUNIA Type: Patch, Vendor Advisory 17599
Source: CCN Type: SA17703 Horde MIME Viewers Script Insertion Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 17703
Source: DEBIAN Type: Patch DSA-909
Source: DEBIAN Type: DSA-909 horde3 -- missing input sanitising
Source: GENTOO Type: Patch GLSA-200511-20
Source: CCN Type: OSVDB ID: 21051 Horde MIME Viewers Attachment Script Insertion
Source: BUGTRAQ Type: UNKNOWN 20051122 Horde MIME Viewer vulnerability
Source: BID Type: Patch 15535
Source: CCN Type: BID-15535 Horde MIME Viewer Inline Attachment HTML Injection Vulnerability
Source: VUPEN Type: Vendor Advisory ADV-2005-2536
Source: XF Type: UNKNOWN horde-mime-viewer-xss(23205)
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable