FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-2195

This CVE name corresponds to:

Entered Topic
2006-06-17 horde -- multiple parameter cross site scripting vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-2195 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-2195
Phase Assigned(20060504)

Description

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

References

Source Reference
MISC http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=136830
CONFIRM http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
CONFIRM http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
DEBIAN DSA-1098
DEBIAN DSA-1099
GENTOO GLSA-200606-28
SUSE SUSE-SR:2006:016
BID 18436
VUPEN ADV-2006-2356
OSVDB 26513
OSVDB 26514
SECTRACK 1016310
SECUNIA 20672
SECUNIA 20750
SECUNIA 20849
SECUNIA 20661
SECUNIA 20960
XF horde-test-problem-xss(27168)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.