Cross-site Scripting Vulnerability in Horde Framework by Horde Group
CVE-2007-1473

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
16 March 2007

What is CVE-2007-1473?

A Cross-site Scripting vulnerability exists in the login page of Horde Framework, specifically in the NLS.php file, prior to version 3.1.4 RC1. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'new_lang' parameter of 'login.php'. Attackers may exploit this vulnerability to execute malicious scripts in the context of the victim's session, leading to potential data theft or unauthorized actions. Security updates addressing this issue are critical for protecting user data and maintaining application integrity.

References

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.