Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Horde应用框架管理界面存在多个跨站脚本漏洞
Vulnerability Description
Horde Framework是个以PHP为基础的架构,用于创建网络应用程序。 存在多个跨站脚本漏洞,Horde没有正确地过滤用户通过URL提交给admin/phpshell.php、admin/cmdshell.php和admin/sqlshell.php的PHP_SELF参数,远程攻击者可以通过提交恶意请求执行跨站脚本攻击,在用户浏览器会话中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A