Multiple Cross-Site Scripting Vulnerabilities in Horde Application Framework
CVE-2005-4190

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
13 December 2005

What is CVE-2005-4190?

The Horde Application Framework prior to version 3.0.8 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary web scripts or HTML via various input fields. The affected modules include Turba Address Book, Kronolith, Mnemo, and Nag, which are susceptible to exploitation through fields such as identity, category, label, mobile phone, date, and time, particularly during CSV file imports. This vulnerability underscores the necessity for secure input validation and sanitization to protect against potential attacks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.