VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-3077
horde_application_framework: Cross-site scripting (XSS) vulnerability in util/ic...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3077

Original

Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-11-09
Source Information Category: Advisory, Alert
Last Updated: 2010-11-10




Affected Product Tags
cpe:/a:horde:horde_application_framework:1.0.3
cpe:/a:horde:horde_application_framework:1.1.1
cpe:/a:horde:horde_application_framework:1.3.0
cpe:/a:horde:horde_application_framework:1.3.1
cpe:/a:horde:horde_application_framework:1.3.2
cpe:/a:horde:horde_application_framework:1.3.3
cpe:/a:horde:horde_application_framework:1.3.4
cpe:/a:horde:horde_application_framework:1.3.5
cpe:/a:horde:horde_application_framework:2.0
cpe:/a:horde:horde_application_framework:2.0:rc1
cpe:/a:horde:horde_application_framework:2.0:rc3
cpe:/a:horde:horde_application_framework:2.0:rc4
cpe:/a:horde:horde_application_framework:2.1
cpe:/a:horde:horde_application_framework:2.2
cpe:/a:horde:horde_application_framework:2.2.1
cpe:/a:horde:horde_application_framework:2.2.2
cpe:/a:horde:horde_application_framework:2.2.3
cpe:/a:horde:horde_application_framework:2.2.4
cpe:/a:horde:horde_application_framework:2.2.5
cpe:/a:horde:horde_application_framework:2.2.6
cpe:/a:horde:horde_application_framework:2.2.6:rc1
cpe:/a:horde:horde_application_framework:2.2.7
cpe:/a:horde:horde_application_framework:2.2.8
cpe:/a:horde:horde_application_framework:2.2.9
cpe:/a:horde:horde_application_framework:3.0
cpe:/a:horde:horde_application_framework:3.0.1
cpe:/a:horde:horde_application_framework:3.0.10
cpe:/a:horde:horde_application_framework:3.0.11
cpe:/a:horde:horde_application_framework:3.0.12
cpe:/a:horde:horde_application_framework:3.0.2
cpe:/a:horde:horde_application_framework:3.0.3
cpe:/a:horde:horde_application_framework:3.0.3:rc1
cpe:/a:horde:horde_application_framework:3.0.4
cpe:/a:horde:horde_application_framework:3.0.4:rc1
cpe:/a:horde:horde_application_framework:3.0.4:rc2
cpe:/a:horde:horde_application_framework:3.0.5
cpe:/a:horde:horde_application_framework:3.0.5:rc1
cpe:/a:horde:horde_application_framework:3.0.5:rc2
cpe:/a:horde:horde_application_framework:3.0.6
cpe:/a:horde:horde_application_framework:3.0.6:rc1
cpe:/a:horde:horde_application_framework:3.0.7
cpe:/a:horde:horde_application_framework:3.0.8
cpe:/a:horde:horde_application_framework:3.0.9
cpe:/a:horde:horde_application_framework:3.0:alpha
cpe:/a:horde:horde_application_framework:3.0:beta
cpe:/a:horde:horde_application_framework:3.0:rc1
cpe:/a:horde:horde_application_framework:3.0:rc2
cpe:/a:horde:horde_application_framework:3.0:rc3
cpe:/a:horde:horde_application_framework:3.1
cpe:/a:horde:horde_application_framework:3.1.1
cpe:/a:horde:horde_application_framework:3.1.2
cpe:/a:horde:horde_application_framework:3.1.3
cpe:/a:horde:horde_application_framework:3.1.4
cpe:/a:horde:horde_application_framework:3.1.4:rc1
cpe:/a:horde:horde_application_framework:3.1.5
cpe:/a:horde:horde_application_framework:3.1.6
cpe:/a:horde:horde_application_framework:3.1.7
cpe:/a:horde:horde_application_framework:3.1.8
cpe:/a:horde:horde_application_framework:3.1.9
cpe:/a:horde:horde_application_framework:3.1:rc1
cpe:/a:horde:horde_application_framework:3.1:rc2
cpe:/a:horde:horde_application_framework:3.1:rc3
cpe:/a:horde:horde_application_framework:3.2
cpe:/a:horde:horde_application_framework:3.2.1
cpe:/a:horde:horde_application_framework:3.2.2
cpe:/a:horde:horde_application_framework:3.2.3
cpe:/a:horde:horde_application_framework:3.2.4
cpe:/a:horde:horde_application_framework:3.2.5
cpe:/a:horde:horde_application_framework:3.2:alpha
cpe:/a:horde:horde_application_framework:3.2:rc1
cpe:/a:horde:horde_application_framework:3.2:rc2
cpe:/a:horde:horde_application_framework:3.2:rc3
cpe:/a:horde:horde_application_framework:3.2:rc4
cpe:/a:horde:horde_application_framework:3.3
cpe:/a:horde:horde_application_framework:3.3.1
cpe:/a:horde:horde_application_framework:3.3.2
cpe:/a:horde:horde_application_framework:3.3.3
cpe:/a:horde:horde_application_framework:3.3.4
cpe:/a:horde:horde_application_framework:3.3.4:rc1
cpe:/a:horde:horde_application_framework:3.3.5
cpe:/a:horde:horde_application_framework:3.3.6
cpe:/a:horde:horde_application_framework:3.3.7
cpe:/a:horde:horde_application_framework:3.3.8 and previous versions
cpe:/a:horde:horde_application_framework:3.3:rc1
 


Vulnerability Analysis Results
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None





References
CONFIRM http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=630687
FULLDISC 20100906 XSS in Horde Application Framework <=3.3.8, icon_browser.php
MLIST [announce] 20100928 Horde 3.3.9 (final)




Vulnerability Type: Cross-Site Scripting (XSS) (CWE-79)





Copyright © 2010 JPCERT/CC All Rights Reserved.