Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability Network Vulnerability

Summary

Horde Turba is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user other attacks are also possible. Horde 3.1.7, 3.2, and prior versions are vulnerable.

References

http://www.securityfocus.com/bid/29745

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3330

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

Take action and discover your vulnerabilities