CVE-2007-1473

Horde Application Framework - XSS

Title source: rule
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Moritz Naumann · textwebappsphp
https://www.exploit-db.com/exploits/29745

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462915/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_007_suse.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24528
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24995
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27565
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33013
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2427
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017775
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22984
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/33084
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1406
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0965
Patch, Vendor Advisory mailing-list x_refsource_mlist
http://lists.horde.org/archives/announce/2007/000315.html

Scores

EPSS 0.0285
EPSS Percentile 86.3%

Details

Status published
Products (37)
horde/horde_application_framework 1.2.0
horde/horde_application_framework 1.2.1
horde/horde_application_framework 1.2.2
horde/horde_application_framework 1.2.3
horde/horde_application_framework 1.2.4
horde/horde_application_framework 1.2.5
horde/horde_application_framework 1.2.6
horde/horde_application_framework 1.2.7
horde/horde_application_framework 1.2.8
horde/horde_application_framework 1.3.3
... and 27 more
Published Mar 16, 2007
Tracked Since Feb 18, 2026