CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-4190

LOW
3.5
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile31.44th
Published2005年12月13日
Last Modified2026年4月16日

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.

Affected Platforms (CPE)

📦
Horde

Horde Application Framework

= 1.0.0
📦
Horde

Horde Application Framework

= 1.0.2
📦
Horde

Horde Application Framework

= 1.0.2_1
📦
Horde

Horde Application Framework

= 1.0.3
📦
Horde

Horde Application Framework

= 1.0.3_2
📦
Horde

Horde Application Framework

= 1.0.3_3
📦
Horde

Horde Application Framework

= 1.0.3_4
📦
Horde

Horde Application Framework

= 1.0.4
📦
Horde

Horde Application Framework

= 1.0.5
📦
Horde

Horde Application Framework

= 1.0.6
📦
Horde

Horde Application Framework

= 1.0.8
📦
Horde

Horde Application Framework

= 1.0.9
📦
Horde

Horde Application Framework

= 1.0.10
📦
Horde

Horde Application Framework

= 1.0.11
📦
Horde

Horde Application Framework

= 1.2.0
📦
Horde

Horde Application Framework

= 1.2.1
📦
Horde

Horde Application Framework

= 1.2.2
📦
Horde

Horde Application Framework

= 1.2.3
📦
Horde

Horde Application Framework

= 1.2.4
📦
Horde

Horde Application Framework

= 1.2.5
📦
Horde

Horde Application Framework

= 1.2.6
📦
Horde

Horde Application Framework

= 1.2.7
📦
Horde

Horde Application Framework

= 1.2.8
📦
Horde

Horde Application Framework

= 1.3.3
📦
Horde

Horde Application Framework

= 1.3.4
📦
Horde

Horde Application Framework

= 2.0
📦
Horde

Horde Application Framework

= 2.1
📦
Horde

Horde Application Framework

= 2.2
📦
Horde

Horde Application Framework

= 2.2.1
📦
Horde

Horde Application Framework

= 2.2.3
📦
Horde

Horde Application Framework

= 2.2.4
📦
Horde

Horde Application Framework

= 2.2.5
📦
Horde

Horde Application Framework

= 2.2.6
📦
Horde

Horde Application Framework

= 2.2.7
📦
Horde

Horde Application Framework

= 2.2.8
📦
Horde

Horde Application Framework

= 2.2.9
📦
Horde

Horde Application Framework

= 3.0.1
📦
Horde

Horde Application Framework

= 3.0.2
📦
Horde

Horde Application Framework

= 3.0.3
📦
Horde

Horde Application Framework

= 3.0.4
📦
Horde

Horde Application Framework

= 3.0.5
📦
Horde

Horde Application Framework

= 3.0.6
📦
Horde

Horde Application Framework

= 3.0.7

References & Advisories

🔗 http://lists.horde.org/archives/announce/2005/000238.html
🔗 http://secunia.com/advisories/17970
🔗 http://secunia.com/advisories/19619
🔗 http://secunia.com/advisories/19897
🔗 http://secunia.com/advisories/20960
🔗 http://www.debian.org/security/2006/dsa-1033
🔗 http://www.novell.com/linux/security/advisories/2006_04_28.html
🔗 http://www.novell.com/linux/security/advisories/2006_16_sr.html

関連する脆弱性情報

CVE-2006-14917.5

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attacker...

CVE-2010-36946.8

Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack ...

CVE-2007-14746.8

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1....

CVE-2007-60185.8

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecifi...