CVE-2006-2195 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

Affected Software

Name	Vendor	Start Version	End Version
Horde	Horde	*	3.0.9 (including)
Horde	Horde	3.0 (including)	3.0 (including)
Horde	Horde	3.0.1 (including)	3.0.1 (including)
Horde	Horde	3.0.2 (including)	3.0.2 (including)
Horde	Horde	3.0.3 (including)	3.0.3 (including)
Horde	Horde	3.0.4 (including)	3.0.4 (including)
Horde	Horde	3.0.4_rc1 (including)	3.0.4_rc1 (including)
Horde	Horde	3.0.4_rc2 (including)	3.0.4_rc2 (including)
Horde	Horde	3.0.6 (including)	3.0.6 (including)
Horde	Horde	3.0.7 (including)	3.0.7 (including)
Horde	Horde	3.0.8 (including)	3.0.8 (including)

References

http://bugs.gentoo.org/show_bug.cgi?id=136830
http://cvs.horde.org/diff.php?f=horde%2Ftest.php\u0026r1=1.145\u0026r2=1.146
http://cvs.horde.org/diff.php?r1=2.25\u0026r2=2.26\u0026f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4\u0026format=txt
http://secunia.com/advisories/20661
http://secunia.com/advisories/20672
http://secunia.com/advisories/20750
http://secunia.com/advisories/20849
http://secunia.com/advisories/20960
http://securitytracker.com/id?1016310
http://www.debian.org/security/2006/dsa-1098
http://www.debian.org/security/2006/dsa-1099
http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml
http://www.novell.com/linux/security/advisories/2006_16_sr.html
http://www.osvdb.org/26513
http://www.osvdb.org/26514
http://www.securityfocus.com/bid/18436
http://www.vupen.com/english/advisories/2006/2356
https://exchange.xforce.ibmcloud.com/vulnerabilities/27168

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2195
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html