Lucene search
AnonymousEDB-ID:33065HistoryJun 05, 2009 - 12:00 a.m.
Horde 3.1 - 'Passwd' Module Cross-Site Scripting
2009-06-0500:00:00
anonymous
www.exploit-db.com
10
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/35573/info
The Horde 'Passwd' module is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to Horde 'Passwd' 3.1.1 are vulnerable.
http://www.example.com/horde/passwd/main.php?backend="><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password Related
openvas
openvas
Debian: Security Advisory (DSA-1829-1)
2009-07-29 00:00:00
Debian Security Advisory DSA 1829-1 (sork-passwd-h3)
2009-07-29 00:00:00
Debian Security Advisory DSA 1829-2 (sork-passwd-h3)
2009-07-29 00:00:00
securityvulns
securityvulns
ubuntucve
ubuntucve
CVE-2009-2360
2009-07-08 00:00:00
debian
debian
[SECURITY] [DSA 1829-1] New sork-passwd-h3 packages fix cross-site scripting
2009-07-11 07:24:54
[SECURITY] [DSA 1829-2] New sork-passwd-h3 packages fix regression
2009-07-14 09:22:59
nvd
nvd
CVE-2009-2360
2009-07-08 15:30:01
cvelist
cvelist
CVE-2009-2360
2009-07-08 15:00:00
cve
cve
CVE-2009-2360
2009-07-08 15:30:01
nessus
nessus
Debian DSA-1829-1 : sork-passwd-h3 - insufficient input sanitising
2010-02-24 00:00:00
GLSA-200909-14 : Horde: Multiple vulnerabilities
2009-09-14 00:00:00
prion
prion
Cross site scripting
2009-07-08 15:30:00
gentoo
gentoo
Horde: Multiple vulnerabilities
2009-09-12 00:00:00