CVE-2009-3701
Last modified
CVE-2009-3701 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.. EPSS estimates a 4.83% chance of exploitation in the next 30 days.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Horde | Application Framework | <= 3.3.5 |
| Horde | Application Framework | 2.0 |
| Horde | Application Framework | 2.1 |
| Horde | Application Framework | 2.1.3 |
| Horde | Application Framework | 2.2 |
| Horde | Application Framework | 2.2.1 |
| Horde | Application Framework | 2.2.3 |
| Horde | Application Framework | 2.2.4 |
| Horde | Application Framework | 2.2.4_rc1 |
| Horde | Application Framework | 2.2.5 |
| Horde | Application Framework | 2.2.6 |
| Horde | Application Framework | 3.0 |
| Horde | Application Framework | 3.0.1 |
| Horde | Application Framework | 3.0.2 |
| Horde | Application Framework | 3.0.3 |
| Horde | Application Framework | 3.0.4 |
| Horde | Application Framework | 3.0.6 |
| Horde | Application Framework | 3.0.7 |
| Horde | Application Framework | 3.0.8 |
| Horde | Application Framework | 3.0.9 |
| Horde | Application Framework | 3.1 |
| Horde | Application Framework | 3.1.1 |
| Horde | Application Framework | 3.2 |
| Horde | Application Framework | 3.2.1 |
| Horde | Application Framework | 3.2.2 |
| Horde | Application Framework | 3.2.3 |
| Horde | Application Framework | 3.2.4 |
| Horde | Application Framework | 3.3 |
| Horde | Application Framework | 3.3.1 |
| Horde | Application Framework | 3.3.2 |
| Horde | Application Framework | 3.3.3 |
| Horde | Application Framework | 3.3.4 |
| Horde | Groupware | <= 1.2.4 |
| Horde | Groupware | 1.0 |
| Horde | Groupware | 1.0.1 |
| Horde | Groupware | 1.0.2 |
| Horde | Groupware | 1.0.3 |
| Horde | Groupware | 1.0.4 |
| Horde | Groupware | 1.0.5 |
| Horde | Groupware | 1.1 |
| Horde | Groupware | 1.1.1 |
| Horde | Groupware | 1.1.2 |
| Horde | Groupware | 1.1.3 |
| Horde | Groupware | 1.1.4 |
| Horde | Groupware | 1.1.5 |
| Horde | Groupware | 1.2 |
| Horde | Groupware | 1.2.1 |
| Horde | Groupware | 1.2.2 |
| Horde | Groupware | 1.2.3 |
| Horde | Groupware | 1.0.6 |
Showing 50 of 53 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/37709Vendor Advisory
- http://secunia.com/advisories/37823Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3549Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3572Patch, Vendor Advisory
- http://secunia.com/advisories/37709Vendor Advisory
- http://secunia.com/advisories/37823Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3549Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3572Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-3701?
How severe is CVE-2009-3701?
How do I fix CVE-2009-3701?
Are you affected by CVE-2009-3701?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST