Cross-Site Scripting Vulnerability in Horde Gollem by Horde
CVE-2010-3447

Currently unrated

Key Information:

Vendor: Horde

CVE Published: 4 April 2011

What is CVE-2010-3447?

A Cross-Site Scripting (XSS) vulnerability exists in the view.php file of the Horde Gollem file viewer prior to version 1.1.2. This flaw enables remote attackers to inject arbitrary web scripts or HTML code by manipulating the file parameter in a view_file action, which can compromise user sessions, redirect users to malicious sites, or manipulate the content displayed to them. Developers and administrators using affected versions are advised to implement the necessary patches to mitigate potential security risks.
