DescriptionMultiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2006:009, published Fri, 28 Apr 2006 16:00:00 +0000
- SUSE-SR:2006:016, published Fri, 14 Jul 2006 17:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 02:41:15 2013
CVE page last modified: Fri Oct 7 12:45:32 2022