Application Framework
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3548 | 0.00 | — | 0.02 | Jul 13, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url… | |||
| CVE-2006-3549 | 0.00 | — | 0.02 | Jul 13, 2006 | services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp… | |||
| CVE-2005-4190 | 0.00 | — | 0.02 | Dec 13, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4)… | |||
| CVE-2005-0961 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | |||
| CVE-2004-2741 | 0.00 | — | 0.01 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. |
- CVE-2006-3548Jul 13, 2006risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url…
- CVE-2006-3549Jul 13, 2006risk 0.00cvss —epss 0.02
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp…
- CVE-2005-4190Dec 13, 2005risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4)…
- CVE-2005-0961May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
- CVE-2004-2741Dec 31, 2004risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
Page 2 of 2