Required CVE Record Information
Description
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
References 10 Total
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456
- lists.horde.org: [horde-announce] 20060817 Horde 3.1.3 (final) mailing-list
- secunia.com: 27565 third-party-advisory
- securityreason.com: 1422 third-party-advisory
- securityfocus.com: 20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing mailing-list
- secunia.com: 21500 third-party-advisory
- vupen.com: ADV-2006-3309 vdb-entry
- debian.org: DSA-1406 vendor-advisory
- exchange.xforce.ibmcloud.com: horde-index-xss(28411) vdb-entry
- securitytracker.com: 1016713 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 10 Total
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456 x_transferred
- lists.horde.org: [horde-announce] 20060817 Horde 3.1.3 (final) mailing-listx_transferred
- secunia.com: 27565 third-party-advisoryx_transferred
- securityreason.com: 1422 third-party-advisoryx_transferred
- securityfocus.com: 20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing mailing-listx_transferred
- secunia.com: 21500 third-party-advisoryx_transferred
- vupen.com: ADV-2006-3309 vdb-entryx_transferred
- debian.org: DSA-1406 vendor-advisoryx_transferred
- exchange.xforce.ibmcloud.com: horde-index-xss(28411) vdb-entryx_transferred
- securitytracker.com: 1016713 vdb-entryx_transferred