CVE-2005-4190
Summary
| CVE | CVE-2005-4190 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-12-13 11:03:00 UTC |
| Updated | 2011-09-13 04:00:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Horde | Horde Application Framework | 1.0.0 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.10 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.11 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.2_1 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.5 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.6 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.8 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.9 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.0 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.5 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.6 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.7 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.8 | All | All | All |
| Application | Horde | Horde Application Framework | 1.3.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.3.4 | All | All | All |
| Application | Horde | Horde Application Framework | 2.0 | All | All | All |
| Application | Horde | Horde Application Framework | 2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.3 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.4 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.5 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.6 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.7 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.8 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.9 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.1 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.2 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.3 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.5 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.6 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.7 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.0 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.10 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.11 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.2_1 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.3_4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.5 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.6 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.8 | All | All | All |
| Application | Horde | Horde Application Framework | 1.0.9 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.0 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.2 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.4 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.5 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.6 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.7 | All | All | All |
| Application | Horde | Horde Application Framework | 1.2.8 | All | All | All |
| Application | Horde | Horde Application Framework | 1.3.3 | All | All | All |
| Application | Horde | Horde Application Framework | 1.3.4 | All | All | All |
| Application | Horde | Horde Application Framework | 2.0 | All | All | All |
| Application | Horde | Horde Application Framework | 2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.1 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.3 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.4 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.5 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.6 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.7 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.8 | All | All | All |
| Application | Horde | Horde Application Framework | 2.2.9 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.1 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.2 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.3 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.4 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.5 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.6 | All | All | All |
| Application | Horde | Horde Application Framework | 3.0.7 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Horde Mnemo Remote HTML Injection Vulnerabilities | BID | www.securityfocus.com | |
| Debian update for horde3 - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Secunia - Advisories - SUSE Updates for Multiple Packages | SECUNIA | secunia.com | Vendor Advisory |
| Security Announcement | SUSE | www.novell.com | |
| 404 - Page not found! - SEC Consult | MISC | www.sec-consult.com | |
| Debian -- Security Information -- DSA-1033-1 horde3 | DEBIAN | www.debian.org | |
| Security Announcement | SUSE | www.novell.com | |
| Horde Kronolith Multiple HTML Injection Vulnerabilities | BID | www.securityfocus.com | |
| [announce] Horde 3.0.8 (final) | MLIST | lists.horde.org | Patch |
| Horde Turba Multiple HTML Injection Vulnerabilities | BID | www.securityfocus.com | |
| Secunia - Advisories - Horde Script Insertion Vulnerabilities | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Horde Nag Remote HTML Injection Vulnerabilities | BID | www.securityfocus.com | |
| SUSE Updates for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Horde Application Framework CSV File Upload Code Execution Vulnerability | BID | www.securityfocus.com | |
| Horde Application Framework Input Validation Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.