Cross-Site Scripting Vulnerability in Horde Application Framework by Horde
CVE-2010-3077
Currently unrated
What is CVE-2010-3077?
A cross-site scripting (XSS) vulnerability exists in the util/icon_browser.php file of the Horde Application Framework prior to version 3.3.9. This flaw allows remote attackers to execute arbitrary web scripts or HTML by manipulating the subdir parameter. Exploiting this weakness enables attackers to potentially hijack user sessions, deface websites, or redirect users to malicious sites.
