CVE-2004-2741 - Inefficient Blacks

Description

Cross-site scripting (XSS) vulnerability in the \help window\ (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module (2) topic or (3) module parameters.

Reference

http://lists.horde.org/archives/announce/2004/000107.html http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u http://www.securityfocus.com/bid/11546 http://www.osvdb.org/11164 http://securitytracker.com/id?1011959 http://secunia.com/advisories/12992 https://exchange.xforce.ibmcloud.com/vulnerabilities/17881