Web application abuses : Horde <= 3.3.8 XSS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100787

Categoría: Web application abuses

Título: Horde <= 3.3.8 XSS Vulnerability - Active Check

Resumen: Horde Framework is prone to a cross-site scripting (XSS); vulnerability because it fails to sufficiently sanitize user-supplied data.

Descripción: Summary:
Horde Framework is prone to a cross-site scripting (XSS)
vulnerability because it fails to sufficiently sanitize user-supplied data.

Vulnerability Impact:
An attacker may leverage this issue to execute arbitrary script
code in the browser of an unsuspecting user in the context of the affected site. This may help
the attacker steal cookie-based authentication credentials and launch other attacks.

Affected Software/OS:
Horde version 3.3.8 and prior.

Note: Additional products that use the Horde framework may also be vulnerable.

Solution:
The vendor has patched this issue in the latest GIT
repository. Contact the vendor for more information.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3077
20100906 XSS in Horde Application Framework <=3.3.8, icon_browser.php
http://seclists.org/fulldisclosure/2010/Sep/82
42140
http://secunia.com/advisories/42140
FEDORA-2010-16555
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html
FEDORA-2010-16592
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html
[announce] 20100928 Horde 3.3.9 (final)
http://lists.horde.org/archives/announce/2010/000557.html
http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9
https://bugzilla.redhat.com/show_bug.cgi?id=630687
Common Vulnerability Exposure (CVE) ID: CVE-2010-3694

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100787
Categoría:	Web application abuses
Título:	Horde <= 3.3.8 XSS Vulnerability - Active Check
Resumen:	Horde Framework is prone to a cross-site scripting (XSS); vulnerability because it fails to sufficiently sanitize user-supplied data.
Descripción:	Summary: Horde Framework is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. Vulnerability Impact: An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Affected Software/OS: Horde version 3.3.8 and prior. Note: Additional products that use the Horde framework may also be vulnerable. Solution: The vendor has patched this issue in the latest GIT repository. Contact the vendor for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3077 20100906 XSS in Horde Application Framework <=3.3.8, icon_browser.php http://seclists.org/fulldisclosure/2010/Sep/82 42140 http://secunia.com/advisories/42140 FEDORA-2010-16555 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html FEDORA-2010-16592 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html [announce] 20100928 Horde 3.3.9 (final) http://lists.horde.org/archives/announce/2010/000557.html http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9 https://bugzilla.redhat.com/show_bug.cgi?id=630687 Common Vulnerability Exposure (CVE) ID: CVE-2010-3694
Copyright	Copyright (C) 2010 Greenbone AG