Cross-Site Scripting Vulnerability in Horde and Turba Products
CVE-2008-3330

Currently unrated

Key Information:

Vendor: Debian
Status: Turba; Horde
Vendor: CVE Published:; 27 July 2008

Summary

An XSS vulnerability exists in the services/obrowser/index.php component of Horde 3.2 and Turba 2.2, which allows attackers to inject arbitrary HTML or web scripts via the manipulation of the contact name input. This could potentially compromise user data and website integrity.

References

http://www.securityfocus.com/bid/29745

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1020566

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/44198

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jul 27, 2008
Vulnerability Reserved
Jul 27, 2008