CVE-2005-4190
Horde Application Framework - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
References (16)
Scores
EPSS
0.0083
EPSS Percentile
74.3%
Classification
CWE
CWE-79
Status
draft
Affected Products (43)
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
... and 28 more
Timeline
Published
Dec 13, 2005
Tracked Since
Feb 18, 2026