Horde Gollem 'file' Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Horde Gollem and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to Horde Gollem version 1.1.2 or later, For updates refer to http://www.horde.org/download/app/?app=gollem

Insight

The flaw is caused by improper validation of user-supplied input via the 'file' parameter to 'view.php', which allows attackers to execute arbitrary HTML and script code on the web server.

Affected

Horde Gollem versions before 1.1.2

References

http://bugs.horde.org/ticket/9191
http://osvdb.org/68262
http://secunia.com/advisories/41624
http://www.vupen.com/english/advisories/2010/2523

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3447

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

/cgi-bin directory browsable ?
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
/doc directory browsable ?
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Take action and discover your vulnerabilities