FreeBSD : horde -- XSS vulnerabilities (338d1723-5f03-11d9-92a7-000bdb1444a4)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Hyperdose Security Advisory reports :

Horde contains two XSS attacks that can be exploited through GET
requests. Once exploited, these requests could be used to execute any
JavaScript commands in the context of that user, potentially including
but not limited to reading and deleting email, and stealing auth
tokens.

See also :

http://marc.info/?l=bugtraq&m=110564059322774
http://lists.horde.org/archives/announce/2005/000159.html
http://www.nessus.org/u?7d5c3a61

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18897 (freebsd_pkg_338d17235f0311d992a7000bdb1444a4.nasl)

Bugtraq ID: 12255

CVE ID: CVE-2005-0378
