FreeBSD : horde -- multiple parameter XSS vulnerabilities (09429f7c-fd6e-11da-b1cd-0050bf27ba24)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

FrSIRT advisory ADV-2006-2356 reports :

Multiple vulnerabilities have been identified in Horde Application
Framework, which may be exploited by attackers to execute arbitrary
scripting code. These flaws are due to input validation errors in the
'test.php' and 'templates/problem/problem.inc' scripts that do not
validate the 'url', 'name', 'email', 'subject' and 'message'
parameters, which could be exploited by attackers to cause arbitrary
scripting code to be executed by the user's browser in the security
context of an affected Website.

See also :

http://www.frsirt.com/english/advisories/2006/2356
http://www.nessus.org/u?96eecda2
http://www.nessus.org/u?c60bb3d0
http://www.nessus.org/u?8f07aca4

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21730 (freebsd_pkg_09429f7cfd6e11dab1cd0050bf27ba24.nasl)

Bugtraq ID:

CVE ID: CVE-2006-2195
