CVE-2006-4256

Publication date 21 August 2006

Last updated 24 July 2024


Ubuntu priority

index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka “cross-site referencing.” NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
horde3 9.10 karmic
Fixed 3.1.3-1
9.04 jaunty
Fixed 3.1.3-1
8.10 intrepid
Fixed 3.1.3-1
8.04 LTS hardy
Fixed 3.1.3-1
7.10 gutsy
Fixed 3.1.3-1
7.04 feisty
Fixed 3.1.3-1
6.10 edgy
Fixed 3.1.3-1
6.06 LTS dapper Ignored end of life