CVE-2005-4191: XSS
First published: Tue Dec 13 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Nag Task List Manager | =1.1 | |
| Horde Nag Task List Manager | =1.1.1 | |
| Horde Nag Task List Manager | =1.1.2 | |
| Horde Nag Task List Manager | =1.1.3 | |
| Horde Nag Task List Manager | =2.0 | |
| Horde Nag Task List Manager | =2.0.1 | |
| Horde Nag Task List Manager | =2.0.2 | |
| Horde Nag Task List Manager | =2.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.horde.org/archives/announce/2005/000236.html
- http://www.sec-consult.com/245.html
- http://cvs.horde.org/diff.php/nag/templates/tasklists/tasklists.inc?r1=1.10&r2=1.11&ty=h
- http://secunia.com/advisories/17969
- http://www.securityfocus.com/bid/15804
- http://www.vupen.com/english/advisories/2005/2836
Frequently Asked Questions
What is the severity of CVE-2005-4191?
CVE-2005-4191 is considered a medium severity vulnerability due to the potential for cross-site scripting attacks.
How do I fix CVE-2005-4191?
To mitigate CVE-2005-4191, upgrade to Horde Nag Task List Manager H3 version 2.0.4 or later.
What types of attacks can CVE-2005-4191 facilitate?
CVE-2005-4191 can facilitate cross-site scripting (XSS) attacks, allowing an attacker to inject malicious scripts into web pages viewed by users.
Who is affected by CVE-2005-4191?
Remote authenticated users of Horde Nag Task List Manager H3 versions prior to 2.0.4 are affected by CVE-2005-4191.
What are the affected versions of Horde Nag Task List Manager H3 for CVE-2005-4191?
The affected versions for CVE-2005-4191 include 1.1, 1.1.1, 1.1.2, 1.1.3, 2.0, 2.0.1, 2.0.2, and 2.0.3.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/horde
- canonical/horde nag task list manager
- version/horde nag task list manager/1.1
- version/horde nag task list manager/1.1.1
- version/horde nag task list manager/1.1.2
- version/horde nag task list manager/1.1.3
- version/horde nag task list manager/2.0
- version/horde nag task list manager/2.0.1
- version/horde nag task list manager/2.0.2
- version/horde nag task list manager/2.0.3