Unrated severityNVD Advisory· Published Dec 13, 2005· Updated Jun 16, 2026
CVE-2005-4190
CVE-2005-4190
Description
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
44cpe:2.3:a:horde:horde_application_framework:1.0.0:*:*:*:*:*:*:*+ 43 more
- cpe:2.3:a:horde:horde_application_framework:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.2_1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.3_2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.3_3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.3_4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*
- (no CPE)range: <3.0.8
Patches
Vulnerability mechanics
References
16- lists.horde.org/archives/announce/2005/000238.htmlnvdPatch
- secunia.com/advisories/17970nvdPatchVendor Advisory
- secunia.com/advisories/19619nvdVendor Advisory
- secunia.com/advisories/19897nvdVendor Advisory
- secunia.com/advisories/20960nvdVendor Advisory
- www.vupen.com/english/advisories/2005/2835nvdVendor Advisory
- www.debian.org/security/2006/dsa-1033nvd
- www.novell.com/linux/security/advisories/2006_04_28.htmlnvd
- www.novell.com/linux/security/advisories/2006_16_sr.htmlnvd
- www.sec-consult.com/245.htmlnvd
- www.securityfocus.com/bid/15802nvd
- www.securityfocus.com/bid/15803nvd
- www.securityfocus.com/bid/15804nvd
- www.securityfocus.com/bid/15806nvd
- www.securityfocus.com/bid/15808nvd
- www.securityfocus.com/bid/15810nvd
News mentions
0No linked articles in our index yet.