QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3701

Published: Dec 21, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

[announce] 20091216 Horde Groupware 1.2.5 (final)

mailing-list

x_refsource_MLIST

20091217 [ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability

mailing-list

x_refsource_FULLDISC

[announce] 20091215 Horde 3.3.6 (final)

mailing-list

x_refsource_MLIST

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

20091217 [ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability

mailing-list

x_refsource_BUGTRAQ

horde-admininterface-xss(54817)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.