Cross-Site Scripting Vulnerabilities in Horde Nag Task List Manager
CVE-2005-4191

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
13 December 2005

What is CVE-2005-4191?

The Horde Nag Task List Manager H3 prior to version 2.0.4 contains multiple cross-site scripting (XSS) vulnerabilities within the tasklists.inc file. These flaws allow remote authenticated users to execute arbitrary web scripts or HTML. Specifically, an attacker can manipulate the tasklist's name or description fields to inject malicious content when creating a new tasklist. This can lead to various security risks, including theft of user credentials or session hijacking.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.