Horde Help Subsystem XSS Network Vulnerability

Summary

The target is running at least one instance of Horde in which the help subsystem is vulnerable to a cross site scripting attack since information passed to the help window is not properly sanitized.

Solution

Upgrade to Horde version 2.2.7 or later.

Severity

Classification

CVE CVE-2004-2741

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
/doc directory browsable ?
123 Flash Chat Multiple Security Vulnerabilities

Take action and discover your vulnerabilities