CSRF in Horde Horde_application_framework
CVE-2010-3694
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.002 (38.6th percentile) — read the EPSS interpretation.
Affected products
- Horde Horde_application_framework — versions 3.2.2, 3.3.7, 2.2.7
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM)
- FEDORA-2010-16592 (x_refsource_FEDORA, vendor-advisory)
- FEDORA-2010-16555 (x_refsource_FEDORA, vendor-advisory)
- 42140 (x_refsource_SECUNIA, third-party-advisory)
- [announce] 20100928 Horde 3.3.9 (final) (mailing-list, x_refsource_MLIST, Patch)