Vulnerability Name: CVE-2006-2195 (CCN-27168)
Assigned: 2006-06-14
Published: 2006-06-14
Updated: 2017-07-20
Summary: Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. This vulnerability is addressed in the following product release: Horde, Horde, 3.1.1
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CONFIRM Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=136830
  Source: MITRE Type: CNA CVE-2006-2195
  Source: CONFIRM Type: UNKNOWN http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
  Source: CONFIRM Type: UNKNOWN http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
  Source: MISC Type: UNKNOWN http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt
  Source: CCN Type: SA20661 Horde Cross-Site Scripting Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 20661
  Source: SECUNIA Type: Vendor Advisory 20672
  Source: SECUNIA Type: Vendor Advisory 20750
  Source: SECUNIA Type: Vendor Advisory 20849
  Source: SECUNIA Type: UNKNOWN 20960
  Source: CCN Type: SECTRACK ID: 1016310 Horde Application Framework Multiple Input Validation Holes Permit Cross-Site Scripting Attacks
  Source: SECTRACK Type: UNKNOWN 1016310
  Source: DEBIAN Type: Patch, Vendor Advisory DSA-1098
  Source: DEBIAN Type: UNKNOWN DSA-1099
  Source: DEBIAN Type: DSA-1098 horde3 -- missing input sanitising
  Source: DEBIAN Type: DSA-1099 horde2 -- missing input sanitising
  Source: CCN Type: GLSA-200606-28 Horde Web Application Framework: XSS vulnerability
  Source: GENTOO Type: UNKNOWN GLSA-200606-28
  Source: CCN Type: Horde Web site The Horde Application Framework
  Source: SUSE Type: UNKNOWN SUSE-SR:2006:016
  Source: OSVDB Type: UNKNOWN 26513
  Source: OSVDB Type: UNKNOWN 26514
  Source: CCN Type: OSVDB ID: 26513 Horde test.php url Parameter XSS
  Source: CCN Type: OSVDB ID: 26514 Horde /templates/problem/problem.inc Multiple Parameter XSS
  Source: BID Type: UNKNOWN 18436
  Source: CCN Type: BID-18436 Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities
  Source: VUPEN Type: UNKNOWN ADV-2006-2356
  Source: XF Type: UNKNOWN horde-test-problem-xss(27168)
  Source: SUSE Type: SUSE-SR:2006:016 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable