CVE-2006-4256
Last modified
CVE-2006-4256 is a vulnerability of currently unknown severity. index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.. EPSS estimates a 1.67% chance of exploitation in the next 30 days.
Description
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Horde | Application Framework | 3.0 |
| Horde | Application Framework | 3.0.1 |
| Horde | Application Framework | 3.0.2 |
| Horde | Application Framework | 3.0.3 |
| Horde | Application Framework | 3.0.4 |
| Horde | Application Framework | 3.0.4_rc1 |
| Horde | Application Framework | 3.0.4_rc2 |
| Horde | Application Framework | 3.0.6 |
| Horde | Application Framework | 3.0.7 |
| Horde | Application Framework | 3.0.8 |
| Horde | Application Framework | 3.0.9 |
| Horde | Application Framework | 3.1 |
| Horde | Application Framework | 3.1.1 |
References
- http://secunia.com/advisories/21500Vendor Advisory
- http://secunia.com/advisories/21500Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-4256?
How severe is CVE-2006-4256?
How do I fix CVE-2006-4256?
Are you affected by CVE-2006-4256?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST