CVE-2006-4256 Information
Description
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites which could be useful for phishing attacks via a URL in the url parameter aka \cross-site referencing.\ NOTE: some sources have referred to this issue as XSS but it is different than classic XSS.
Reference
http://lists.horde.org/archives/announce/2006/000292.html
http://secunia.com/advisories/21500
http://secunia.com/advisories/27565
http://securityreason.com/securityalert/1422
http://securitytracker.com/id?1016713
http://www.debian.org/security/2007/dsa-1406
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456
http://www.securityfocus.com/archive/1/443360/100/0/threaded
http://www.vupen.com/english/advisories/2006/3309
https://exchange.xforce.ibmcloud.com/vulnerabilities/28411
index.php
in
Horde
Application
Framework
before
3.1.2
allows
remote
attackers
to
include
web
pages
from
other
sites
which
could
be
useful
for
phishing
attacks
via
a
URL
in
the
url
parameter
aka
\cross-site
referencing.
NOTE:
some
sources
have
referred
to
this
issue
as
XSS
but
it
is
different
than
classic
XSS.