CVE-2008-3330

CWE-79 — Cross-site Scripting (XSS)6 documents5 sources

Severity

4.3MEDIUM

EPSS

0.5%

top 35.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Horde Debian Turba

Timeline

PublishedJul 27

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDdebian/horde3.2

▶NVDdebian/turba2.2

🔴Vulnerability Details

GHSA

GHSA-2v6g-j89f-4p2g: Cross-site scripting (XSS) vulnerability in services/obrowser/index↗2022-05-01

▶

CVEList

CVE-2008-3330: Cross-site scripting (XSS) vulnerability in services/obrowser/index↗2008-07-27

▶

📋Vendor Advisories

Red Hat

horde: XSS in the item names in the object browser↗2008-06-13

▶

💬Community

Bugzilla

CVE-2008-3330 horde: XSS in the item names in the object browser↗2008-06-23

▶