CVE-2005-3759

Published: Nov 22, 2005Modified: Apr 16, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

Affected (31)

Products: Horde: Horde

1 product

Configuration A

31 vulnerable

Vulnerable Software	Affected Versions
Horde Horde	Version 1.2.1
Horde Horde	Version 1.2.2
Horde Horde	Version 1.2.3
Horde Horde	Version 1.2.4
Horde Horde	Version 1.2.5
Horde Horde	Version 1.2.6
Horde Horde	Version 1.2.7
Horde Horde	Version 1.2.8
Horde Horde	Version 1.2
Horde Horde	Version 2.0
Horde Horde	Version 2.1.3
Horde Horde	Version 2.1
Horde Horde	Version 2.2.1
Horde Horde	Version 2.2.3
Horde Horde	Version 2.2.4
Horde Horde	Version 2.2.4_rc1
Horde Horde	Version 2.2.5
Horde Horde	Version 2.2.6
Horde Horde	Version 2.2.7
Horde Horde	Version 2.2.8
Horde Horde	Version 2.2.9
Horde Horde	Version 2.2
Horde Horde	Version 3.0.1
Horde Horde	Version 3.0.2
Horde Horde	Version 3.0.3
Horde Horde	Version 3.0.4
Horde Horde	Version 3.0.4_rc1
Horde Horde	Version 3.0.4_rc2
Horde Horde	Version 3.0.6
Horde Horde	Version 3.0.7
Horde Horde	Version 3.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://lists.horde.org/archives/announce/2005/000232.html

Source: security@debian.org

Patch

http://secunia.com/advisories/17599

Source: security@debian.org

PatchVendor Advisory

http://secunia.com/advisories/17703

Source: security@debian.org

PatchVendor Advisory

http://www.debian.org/security/2005/dsa-909

Source: security@debian.org

Patch

http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml

Source: security@debian.org

Patch

http://www.securityfocus.com/archive/1/417436/30/0/threaded

Source: security@debian.org

http://www.securityfocus.com/bid/15535

Source: security@debian.org

Patch

http://www.vupen.com/english/advisories/2005/2536

Source: security@debian.org

Vendor Advisory

http://lists.horde.org/archives/announce/2005/000232.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/17599

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/17703

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.debian.org/security/2005/dsa-909

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/417436/30/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15535

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2005/2536

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.