Lucene search

K

MitreCVELIST:CVE-2009-3701

HistoryDec 21, 2009 - 4:00 p.m.

CVE-2009-3701

2009-12-2116:00:00

mitre

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.3%

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

References

archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html

cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h

lists.horde.org/archives/announce/2009/000529.html

marc.info/?l=horde-announce&m=126100750018478&w=2

marc.info/?l=horde-announce&m=126101076422179&w=2

secunia.com/advisories/37709

secunia.com/advisories/37823

securitytracker.com/id?1023365

www.securityfocus.com/archive/1/508531/100/0/threaded

www.securityfocus.com/bid/37351

www.vupen.com/english/advisories/2009/3549

www.vupen.com/english/advisories/2009/3572

exchange.xforce.ibmcloud.com/vulnerabilities/54817

5.5 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.3%

Related for CVELIST:CVE-2009-3701

securityvulns3 cve1 seebug3 exploitpack1 packetstorm1 ubuntucve1 prion1 nvd1 exploitdb1 debian1 osv1 openvas6 nessus5 fedora3