CVE-2010-3077
Horde Application Framework <3.3.9 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Moritz Naumann · textwebappsphp
https://www.exploit-db.com/exploits/34605
References (7)
Scores
EPSS
0.0074
EPSS Percentile
72.6%
Classification
CWE
CWE-79
Status
published
Affected Products (50)
horde/horde_application_framework
< 3.3.8
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
horde/horde_application_framework
... and 35 more
Timeline
Published
Nov 09, 2010
Tracked Since
Feb 18, 2026