CVE-2004-2741: XSS
First published: Fri Dec 31 2004(Updated: )
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Horde application framework | =2.1 | |
| Horde Horde application framework | =2.2.4_rc1 | |
| Horde Horde application framework | =2.0 | |
| Horde Horde application framework | =2.2 | |
| Horde Horde application framework | =2.2.3 | |
| Horde Horde application framework | =2.2.1 | |
| Horde Horde application framework | =2.2.6 | |
| Horde Horde application framework | =2.1.3 | |
| Horde Horde application framework | =2.2.5 | |
| Horde Horde application framework | =2.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.horde.org/archives/announce/2004/000107.html
- http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u
- http://www.securityfocus.com/bid/11546
- http://www.osvdb.org/11164
- http://securitytracker.com/id?1011959
- http://secunia.com/advisories/12992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17881
Frequently Asked Questions
What is the severity of CVE-2004-2741?
CVE-2004-2741 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2004-2741?
To fix CVE-2004-2741, upgrade to Horde Application Framework version 2.2.7 or later, which addresses this vulnerability.
What are the affected versions of Horde related to CVE-2004-2741?
CVE-2004-2741 affects Horde Application Framework versions 2.0, 2.1, 2.1.3, 2.2, 2.2.1, 2.2.3, 2.2.4, 2.2.4_rc1, 2.2.5, and 2.2.6.
What type of vulnerability is CVE-2004-2741?
CVE-2004-2741 is a cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary web scripts or HTML.
Can CVE-2004-2741 be exploited remotely?
Yes, CVE-2004-2741 can be exploited remotely by attackers looking to execute malicious scripts in the context of a user's browser.
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/horde
- canonical/horde horde application framework
- version/horde horde application framework/2.1
- version/horde horde application framework/2.2.4_rc1
- version/horde horde application framework/2.0
- version/horde horde application framework/2.2
- version/horde horde application framework/2.2.3
- version/horde horde application framework/2.2.1
- version/horde horde application framework/2.2.6
- version/horde horde application framework/2.1.3
- version/horde horde application framework/2.2.5
- version/horde horde application framework/2.2.4