Cross-Site Scripting Vulnerability in Horde Application Framework by Horde
CVE-2010-3077

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
9 November 2010

What is CVE-2010-3077?

A cross-site scripting (XSS) vulnerability exists in the util/icon_browser.php file of the Horde Application Framework prior to version 3.3.9. This flaw allows remote attackers to execute arbitrary web scripts or HTML by manipulating the subdir parameter. Exploiting this weakness enables attackers to potentially hijack user sessions, deface websites, or redirect users to malicious sites.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.