Horde Passwd Module < 3.1.1 XSS
Medium Nessus Network Monitor Plugin ID 5092
Synopsis: The remote web server contains a PHP application that is vulnerable to cross-site scripting attacks.
Description: The Horde installation uses the Passwd module, which provides support for changing passwords. The installed version of this module is earlier than 3.1.1. Such versions are reportedly affected by a cross-site scripting vulnerability in the 'backend' parameter of the 'main.php' script. An attacker can exploit this to execute arbitrary script code in the browser of an authenticated user.
Solution: Upgrade to Passwd H3 3.1.1 or later.