CVE Vulnerability

CVE-2008-6746

Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://secunia.com/advisories/30704 Vendor Advisory
http://lists.horde.org/archives/announce/2008/000414.html
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h
http://www.securityfocus.com/bid/29743
https://exchange.xforce.ibmcloud.com/vulnerabilities/43098
Configurations

Configuration 1

cpe:2.3:a:horde:turba_h3:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0:beta:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.2:rc3:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.2:rc4:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0:alpha:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:*:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.2:alpha:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.0:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:turba_h3:2.1.3:*:*:*:*:*:*:*
Information

Published : 2009-04-23 05:30

Updated : 2017-08-17 01:29

NVD link : CVE-2008-6746

Mitre link : CVE-2008-6746

Products Affected

Horde

CWE
CWE-79