FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3548

This CVE name corresponds to:

Entered: 2006-07-05
Topic: horde -- various problems in dereferrer

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-3548
Phase: Assigned (20060712)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).

References

Source Reference
BUGTRAQ 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
FULLDISC 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
MISC http://moritz-naumann.com/adv/0011/hordemulti/0011.txt
CONFIRM http://lists.horde.org/archives/announce/2006/000287.html
CONFIRM http://lists.horde.org/archives/announce/2006/000288.html
DEBIAN DSA-1406
SUSE SUSE-SR:2006:019
BID 18845
VUPEN ADV-2006-2694
SECTRACK 1016442
SECUNIA 20954
SECUNIA 21459
SECUNIA 27565
SREASON 1229
XF horde-multiple-functions-xss(27589)