CVE-2005-3759

Horde - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

References (8)

[Patch] http://lists.horde.org/archives/announce/2005/000232.html

[Patch, Vendor Advisory] http://secunia.com/advisories/17599

[Patch, Vendor Advisory] http://secunia.com/advisories/17703

[Patch] http://www.debian.org/security/2005/dsa-909

[Patch] http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml

[Patch] http://www.securityfocus.com/bid/15535

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/2536

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/417436/30/0/threaded

Scores

EPSS 0.0071

EPSS Percentile 72.1%

Classification

CWE

CWE-79

Status draft

Affected Products (31)

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

horde/horde

... and 16 more

Timeline

Published Nov 22, 2005

Tracked Since Feb 18, 2026