What is the severity of CVE-2006-4256?

CVE-2006-4256 is classified as a medium severity vulnerability due to its potential for phishing attacks.

How do I fix CVE-2006-4256?

To mitigate CVE-2006-4256, upgrade to Horde Application Framework version 3.1.2 or later.

What types of applications are affected by CVE-2006-4256?

CVE-2006-4256 affects various versions of the Horde Application Framework, specifically versions prior to 3.1.2.

What attack vector does CVE-2006-4256 exploit?

CVE-2006-4256 exploits the url parameter in index.php to allow inclusion of web pages from other sites.

Can CVE-2006-4256 be exploited remotely?

Yes, CVE-2006-4256 can be exploited remotely by attackers to initiate phishing attacks.

Vulnerability/
CVE-2006-4256

medium

4.3

CWE

NVD-CWE-Other 79

21/8/2006

7/8/2024

CVE-2006-4256: XSS

First published: Mon Aug 21 2006(Updated: )

index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Horde Horde application framework	=3.0
Horde Horde application framework	=3.0.1
Horde Horde application framework	=3.0.2
Horde Horde application framework	=3.0.3
Horde Horde application framework	=3.0.4
Horde Horde application framework	=3.0.4_rc1
Horde Horde application framework	=3.0.4_rc2
Horde Horde application framework	=3.0.6
Horde Horde application framework	=3.0.7
Horde Horde application framework	=3.0.8
Horde Horde application framework	=3.0.9
Horde Horde application framework	=3.1
Horde Horde application framework	=3.1.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-4256?
CVE-2006-4256 is classified as a medium severity vulnerability due to its potential for phishing attacks.
How do I fix CVE-2006-4256?
To mitigate CVE-2006-4256, upgrade to Horde Application Framework version 3.1.2 or later.
What types of applications are affected by CVE-2006-4256?
CVE-2006-4256 affects various versions of the Horde Application Framework, specifically versions prior to 3.1.2.
What attack vector does CVE-2006-4256 exploit?
CVE-2006-4256 exploits the url parameter in index.php to allow inclusion of web pages from other sites.
Can CVE-2006-4256 be exploited remotely?
Yes, CVE-2006-4256 can be exploited remotely by attackers to initiate phishing attacks.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/horde
canonical/horde horde application framework
version/horde horde application framework/3.0
version/horde horde application framework/3.0.1
version/horde horde application framework/3.0.2
version/horde horde application framework/3.0.3
version/horde horde application framework/3.0.4
version/horde horde application framework/3.0.4_rc1
version/horde horde application framework/3.0.4_rc2
version/horde horde application framework/3.0.6
version/horde horde application framework/3.0.7
version/horde horde application framework/3.0.8
version/horde horde application framework/3.0.9
version/horde horde application framework/3.1
version/horde horde application framework/3.1.1