SNS Vulnerability

Multiple Horde Products Parent Frame Page Title Cross Site Scripting

Description

A Cross Site Scripting vulnerability was identified in multiple Horde products, which may be exploited by attackers to inject malicious HTML codes. This flaw is due to an input validation error when setting the parent frame's page title using javascript, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.

Vulnerable Products

Vulnerable Software:
Horde IMP version 3.2.7 and priorHorde Chora version 1.2.2 and priorHorde Nag version 1.1.2 and priorHorde Forwards version 2.2.1 and priorHorde Mnemo version 1.1.3 and priorHorde Accounts version 2.1.1 and priorHorde Kronolith version 1.1.3 and priorHorde Passwd version 2.2.1 and priorHorde Turba version 1.2.4 and priorHorde Vacation version 2.2.1 and prior

Solution

Horde Chora version 1.2.3 : http://www.horde.org/chora/download/ Horde Nag version 1.1.3 : http://www.horde.org/nag/download/ Horde Forwards version 2.2.2 : http://www.horde.org/forwards/download/ Horde Mnemo version 1.1.4 : http://www.horde.org/mnemo/download/ Horde IMP version 3.2.8 :ftp://ftp.horde.org/pub/imp/imp-3.2.8.tar.gz Horde Accounts version 2.1.2 : http://www.horde.org/accounts/download/ Horde Kronolith version 1.1.4 : http://www.horde.org/kronolith/download/ Horde Passwd version 2.2.2 : http://www.horde.org/passwd/download/ Horde Turba version 1.2.5 : http://www.horde.org/turba/download/ Horde Vacation version 2.2.2 : http://www.horde.org/vacation/download/

CVE

References

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - GET : javascript code in flash clickTAG parameter	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - GET : 'script' tag in flash clickTAG parameter	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0

Risk level

Low

Vulnerability First Public Report Date

2005-04-25

Target Type

Server

Possible exploit

Local & Remote