CVE-2010-3447

Published: Apr 4, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.

Affected (14)

Products: Horde: Gollem

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Horde Gollem	Up to 1.1.1
Horde Gollem	Version 1.0.1
Horde Gollem	Version 1.0.1 rc1
Horde Gollem	Version 1.0.2
Horde Gollem	Version 1.0.2 rc1
Horde Gollem	Version 1.0.3
Horde Gollem	Version 1.0.4
Horde Gollem	Version 1.0
Horde Gollem	Version 1.0 alpha
Horde Gollem	Version 1.0 beta
Horde Gollem	Version 1.0 rc1
Horde Gollem	Version 1.0 rc2
Horde Gollem	Version 1.1
Horde Gollem	Version 1.1 rc1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (26)

http://bugs.horde.org/ticket/9191

Source: secalert@redhat.com

ExploitPatch

http://git.horde.org/diff.php/gollem/view.php?rt=horde&r1=1.51.2.6&r2=1.51.2.7&ty=u

Source: secalert@redhat.com

Patch

http://git.horde.org/diff.php/gollem/view.php?rt=horde-git&r1=7f7a4300f16b429ed645bc3e2af2cedffc70ce3e&r2=025a1bfbe69622036f8e3a27a6edd39c02dcd4ea

Source: secalert@redhat.com

Patch

http://lists.horde.org/archives/announce/2010/000565.html

Source: secalert@redhat.com

Patch

http://lists.horde.org/archives/commits/2010-August/004747.html

Source: secalert@redhat.com

Patch

http://openwall.com/lists/oss-security/2010/09/29/11

Source: secalert@redhat.com

ExploitPatch

http://openwall.com/lists/oss-security/2010/09/30/5

Source: secalert@redhat.com

ExploitPatch

http://openwall.com/lists/oss-security/2010/09/30/7

Source: secalert@redhat.com

ExploitPatch

http://openwall.com/lists/oss-security/2010/09/30/8

Source: secalert@redhat.com

Patch

http://secunia.com/advisories/41624

Source: secalert@redhat.com

Vendor Advisory

http://www.osvdb.org/68262

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/2523

Source: secalert@redhat.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62091

Source: secalert@redhat.com

http://bugs.horde.org/ticket/9191

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://git.horde.org/diff.php/gollem/view.php?rt=horde&r1=1.51.2.6&r2=1.51.2.7&ty=u

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://git.horde.org/diff.php/gollem/view.php?rt=horde-git&r1=7f7a4300f16b429ed645bc3e2af2cedffc70ce3e&r2=025a1bfbe69622036f8e3a27a6edd39c02dcd4ea

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.horde.org/archives/announce/2010/000565.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.horde.org/archives/commits/2010-August/004747.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://openwall.com/lists/oss-security/2010/09/29/11

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://openwall.com/lists/oss-security/2010/09/30/5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://openwall.com/lists/oss-security/2010/09/30/7

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://openwall.com/lists/oss-security/2010/09/30/8

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/41624

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/68262

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2523

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62091

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.