CVE-2005-4190
Summary
| CVE | CVE-2005-4190 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-12-13 11:03:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality | None |
| Integrity | Partial |
| Availability | None |
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Horde | Horde Application Framework | 1.0.0 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.10 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.11 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.2_1 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.5 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.6 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.8 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.9 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.0 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.5 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.6 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.7 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.8 | All | All | All |
| Application | Horde | Horde Application Framework | 1.3.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.3.4 | All | All | All |
| Application | Horde | Horde Application Framework | 2.0 | All | All | All |
| Application | Horde | Horde Application Framework | 2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.3 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.4 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.5 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.6 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.7 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.8 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.9 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.1 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.2 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.3 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.5 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.6 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.7 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Announcement | af854a3a-2127-422b-91ae-364da2661108 | www.novell.com | |
| Horde Mnemo Remote HTML Injection Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Horde Application Framework Input Validation Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Secunia - Advisories - SUSE Updates for Multiple Packages | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Debian update for horde3 - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| 404 - Page not found! - SEC Consult | af854a3a-2127-422b-91ae-364da2661108 | www.sec-consult.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Horde Kronolith Multiple HTML Injection Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Horde Nag Remote HTML Injection Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Horde Turba Multiple HTML Injection Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| [announce] Horde 3.0.8 (final) | af854a3a-2127-422b-91ae-364da2661108 | lists.horde.org | Patch |
| Debian -- Security Information -- DSA-1033-1 horde3 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Security Announcement | af854a3a-2127-422b-91ae-364da2661108 | www.novell.com | |
| Secunia - Advisories - Horde Script Insertion Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| SUSE Updates for Multiple Packages - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Horde Application Framework CSV File Upload Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.