CVE-2006-2195 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

Affected Software

Name	Vendor	Start Version	End Version
Horde	Horde	*	3.0.9 (including)
Horde	Horde	3.0 (including)	3.0 (including)
Horde	Horde	3.0.1 (including)	3.0.1 (including)
Horde	Horde	3.0.2 (including)	3.0.2 (including)
Horde	Horde	3.0.3 (including)	3.0.3 (including)
Horde	Horde	3.0.4 (including)	3.0.4 (including)
Horde	Horde	3.0.4_rc1 (including)	3.0.4_rc1 (including)
Horde	Horde	3.0.4_rc2 (including)	3.0.4_rc2 (including)
Horde	Horde	3.0.6 (including)	3.0.6 (including)
Horde	Horde	3.0.7 (including)	3.0.7 (including)
Horde	Horde	3.0.8 (including)	3.0.8 (including)
Horde3	Ubuntu	dapper	*
Horde3	Ubuntu	devel	*
Horde3	Ubuntu	edgy	*
Horde3	Ubuntu	feisty	*
Horde3	Ubuntu	gutsy	*
Horde3	Ubuntu	hardy	*
Horde3	Ubuntu	intrepid	*
Horde3	Ubuntu	jaunty	*
Horde3	Ubuntu	karmic	*

References

http://bugs.gentoo.org/show_bug.cgi?id=136830
http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146
http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt
http://secunia.com/advisories/20661
http://secunia.com/advisories/20672
http://secunia.com/advisories/20750
http://secunia.com/advisories/20849
http://secunia.com/advisories/20960
http://securitytracker.com/id?1016310
http://www.debian.org/security/2006/dsa-1098
http://www.debian.org/security/2006/dsa-1099
http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml
http://www.novell.com/linux/security/advisories/2006_16_sr.html
http://www.osvdb.org/26513
http://www.osvdb.org/26514
http://www.securityfocus.com/bid/18436
http://www.vupen.com/english/advisories/2006/2356
https://exchange.xforce.ibmcloud.com/vulnerabilities/27168
http://bugs.gentoo.org/show_bug.cgi?id=136830
http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146
http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt
http://secunia.com/advisories/20661
http://secunia.com/advisories/20672
http://secunia.com/advisories/20750
http://secunia.com/advisories/20849
http://secunia.com/advisories/20960
http://securitytracker.com/id?1016310
http://www.debian.org/security/2006/dsa-1098
http://www.debian.org/security/2006/dsa-1099
http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml
http://www.novell.com/linux/security/advisories/2006_16_sr.html
http://www.osvdb.org/26513
http://www.osvdb.org/26514
http://www.securityfocus.com/bid/18436
http://www.vupen.com/english/advisories/2006/2356
https://exchange.xforce.ibmcloud.com/vulnerabilities/27168

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2195
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html