Vulnerabilities > CVE-2005-1320 - Cross-Site Scripting vulnerability in Mnemo

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
horde
nessus
NVD
Published: 2005-05-02
Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

Vulnerable Configurations

Part Description Count
Application
Horde
4

Nessus

NASL familyCGI abuses : XSS
NASL idHORDE_MNEMO_FOOTER_XSS.NASL
descriptionAccording to its version, the remote installation of Mnemo fails to fully sanitize user-supplied input when setting the parent frame
last seen2020-06-01
modified2020-06-02
plugin id18134
published2005-04-26
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18134
titleHorde Mnemo common-footer.inc Parent Frame Page XSS
code
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description) {
  script_id(18134);
  script_version("1.18");

  script_cve_id("CVE-2005-1320");
  script_bugtraq_id(13362);

  script_name(english:"Horde Mnemo common-footer.inc Parent Frame Page XSS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is prone to a cross-
site scripting attack." );
 script_set_attribute(attribute:"description", value:
"According to its version, the remote installation of Mnemo fails to
fully sanitize user-supplied input when setting the parent frame's
page title by JavaScript in 'templates/common-footer.inc'.  By
leveraging this flaw, an attacker may be able to inject arbitrary HTML
and script code into a user's browser to be executed in the context of
the affected website, thereby resulting in the theft of session
cookies and similar attacks." );
 script_set_attribute(attribute:"see_also", value:"https://lists.horde.org/archives/announce/2005/000197.html" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Mnemo 1.1.4 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/26");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/22");
 script_cvs_date("Date: 2018/07/12 19:01:14");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:horde:mnemo");
script_end_attributes();

 
  summary["english"] = "Checks for cross-site scripting vulnerability in Mnemo common-footer.inc";
  script_summary(english:summary["english"]);
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("horde_mnemo_detect.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);


# Test an install.
install = get_kb_item(string("www/", port, "/horde_mnemo"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
  ver = matches[1];
  if (ver =~ "^(0|1\.(0|1$|1\.[0-3]([^0-9]|$)))")
  {
   security_warning(port);
   set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  }
}

References