Multiple Cross-Site Scripting Vulnerabilities in Horde Application Framework
CVE-2005-4190
Currently unrated
What is CVE-2005-4190?
The Horde Application Framework prior to version 3.0.8 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary web scripts or HTML via various input fields. The affected modules include Turba Address Book, Kronolith, Mnemo, and Nag, which are susceptible to exploitation through fields such as identity, category, label, mobile phone, date, and time, particularly during CSV file imports. This vulnerability underscores the necessity for secure input validation and sanitization to protect against potential attacks.
