CVE-2004-2741 Information

Description

Cross-site scripting (XSS) vulnerability in the \help window\ (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module (2) topic or (3) module parameters.

Reference

http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u http://lists.horde.org/archives/announce/2004/000107.html http://secunia.com/advisories/12992 http://securitytracker.com/id?1011959 http://www.osvdb.org/11164 http://www.securityfocus.com/bid/11546 https://exchange.xforce.ibmcloud.com/vulnerabilities/17881