CVE-2008-5917
published 2009-01-21CVE-2008-5917: Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet…
PriorityP414medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.30%
66.8th percentile
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | application_framework | — | — |
| horde | application_framework | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6hmc-j3q7-53ff: Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss
ghsa_unreviewed·2022-05-17
CVE-2008-5917 [MEDIUM] CWE-79 GHSA-6hmc-j3q7-53ff: Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
Red Hat
horde: IE-specific XSS via image style attribute
vendor_redhat·CVSS 4.3
CVE-2008-5917 [MEDIUM] horde: IE-specific XSS via image style attribute
horde: IE-specific XSS via image style attribute
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
No detection rules found.
No public exploits indexed.
http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18http://lists.horde.org/archives/announce/2008/000462.htmlhttp://lists.horde.org/archives/announce/2008/000464.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlhttp://secunia.com/advisories/34418http://secunia.com/advisories/34609http://cvs.horde.org/diff.php/framework/Text_Filter/Filter/xss.php?r1=1.17&r2=1.18http://lists.horde.org/archives/announce/2008/000462.htmlhttp://lists.horde.org/archives/announce/2008/000464.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlhttp://secunia.com/advisories/34418http://secunia.com/advisories/34609
2009-01-21
Published