Cross-Site Scripting Vulnerability in Horde Framework - exploit.company
Vendor: Horde Framework
By: Unknown
CVSS: 5.5 (MEDIUM)
Vulnerability type: Cross-Site Scripting (XSS)
CWE: 79
Product Name: Horde Framework
Affected Version From: Prior to version 3.1.4
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:horde_project:horde_framework
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-Site Scripting Vulnerability in Horde Framework

The Horde Framework application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can inject HTML and script code, which will execute in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials.

Mitigation:

To mitigate this vulnerability, update the Horde Framework to version 3.1.4 or later. In addition, validate user-supplied input and encode it on output so that it cannot be interpreted as HTML or script.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22984/info

Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

This issue affects versions prior to 3.1.4. 

http://www.example.com/horde/[Horde_App]/login.php?new_lang=[xss]
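
The request pattern above can be used for log triage on a server that ran a version prior to 3.1.4. The following is an added example, not part of the original advisory or of Horde's code: it scans access-log lines for login.php requests whose new_lang value is not a plain locale code. The locale format (for example en_US), the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate new_lang values are locale codes such as "en_US" or "de".
LOCALE_RE = re.compile(r"[a-z]{2,3}(_[A-Z]{2})?")

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /horde/imp/login.php?new_lang=en_US HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /horde/imp/login.php?new_lang=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5188',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /horde/login.php?new_lang=de&new_lang=%22%3E%3Ci%3E HTTP/1.1" 200 5190',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /horde/imp/mailbox.php?new_lang=%3Cb%3E HTTP/1.1" 200 900',
    'malformed line without a request',
]


def suspicious_new_lang(line):
    """Return the decoded new_lang values in one log line that are not locale codes."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # The advisory names login.php, so other scripts are out of scope here.
    if not url.path.endswith("/login.php"):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters.
    values = parse_qs(url.query, keep_blank_values=True).get("new_lang", [])
    return [v for v in values if not LOCALE_RE.fullmatch(v)]


def scan(lines):
    """Return (line_number, bad_values) for every line with a suspicious value."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_new_lang(line)
        if bad:
            hits.append((n, bad))
    return hits


if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious new_lang {bad!r}")
```

The same allowlist pattern can serve as the server-side input check for the parameter; it does not replace output encoding.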