Vendor: Horde Framework
By: Unknown
CVSS: 5.5 MEDIUM
CWE: 79 Cross-Site Scripting (XSS)
Product Name: Horde Framework
Affected Version From: Prior to version 3.1.4
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:horde_project:horde_framework
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-Site Scripting Vulnerability in Horde Framework

The Horde Framework application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can inject HTML and script code, which will execute in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Horde Framework to version 3.1.4 or later. Additionally, input validation and output encoding should be implemented to properly sanitize user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22984/info

Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

This issue affects versions prior to 3.1.4. 

http://www.example.com/horde/[Horde_App]/login.php?new_lang=[xss]
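
One way to apply the input validation and output encoding named in the mitigation to a language parameter such as new_lang. This is an added example, not Horde's code; the locale list and the function names select_language, h and render_language_select are assumptions made for illustration.

```php
<?php
// Added example, not Horde code. All names below are hypothetical.

// Assumption: the application ships a fixed set of locales.
const SUPPORTED_LANGS = ['en_US', 'de_DE', 'fr_FR', 'es_ES'];
const DEFAULT_LANG = 'en_US';

/**
 * Input validation: accept the value only if it is a string that exactly
 * matches an allow-list entry; anything else falls back to the default.
 */
function select_language($raw): string
{
    if (!is_string($raw)) {            // ?new_lang[]=x arrives as an array
        return DEFAULT_LANG;
    }
    return in_array($raw, SUPPORTED_LANGS, true) ? $raw : DEFAULT_LANG;
}

/** Output encoding for HTML text and quoted attribute values. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a language selector; every dynamic value passes through h(). */
function render_language_select(string $current): string
{
    $html = '<select name="new_lang">';
    foreach (SUPPORTED_LANGS as $lang) {
        $selected = ($lang === $current) ? ' selected' : '';
        $html .= '<option value="' . h($lang) . '"' . $selected . '>'
               . h($lang) . '</option>';
    }
    return $html . '</select>';
}

// Constructed sample inputs: a valid locale, a markup probe, an array.
$samples = ['de_DE', '"><b>not-a-locale</b>', ['x']];
foreach ($samples as $raw) {
    // Even a rejected value is encoded before it is echoed back.
    $shown = is_string($raw) ? h($raw) : '(non-string)';
    echo 'input=' . $shown . ' chosen=' . h(select_language($raw)) . PHP_EOL;
}
echo render_language_select(select_language($_GET['new_lang'] ?? null)) . PHP_EOL;
```

The allow-list decides which locale is used, and the encoding step independently keeps any echoed value from being parsed as markup, so either control still holds if the other is bypassed or forgotten on a new code path.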