CVE-2005-4190 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-4190 Interim 1 3 2021-06-09T08:35:48Z current 2021-05-30T12:34:26Z 2021-06-09T08:35:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-4190 Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2006-04/msg00009.html E-Mail link for SUSE-SR:2006:009 https://lists.opensuse.org/opensuse-security-announce/2006-07/msg00014.html E-Mail link for SUSE-SR:2006:016 https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. CVE-2005-4190 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N