Lucene search

K

[email protected]NVD:CVE-2009-0931

HistoryMar 17, 2009 - 9:30 p.m.

CVE-2009-0931

2009-03-1721:30:00

CWE-79

[email protected]

web.nvd.nist.gov

2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

debianhordeRange≤3.3.1

OR

debianhordeRange≤3.3.2

OR

debianhordeMatch3.2.2

OR

debianhordeMatch3.2.3

OR

debianhordeMatch3.3

OR

debianhorde_groupwareRange≤1.1.1

OR

debianhorde_groupwareRange≤1.1.2

OR

debianhorde_groupwareRange≤1.1.3

OR

debianhorde_groupwareRange≤1.1.4

References

cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5

cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5

cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503

lists.horde.org/archives/announce/2009/000482.html

lists.horde.org/archives/announce/2009/000483.html

lists.horde.org/archives/announce/2009/000486.html

secunia.com/advisories/33695

www.securityfocus.com/bid/33491

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

Related for NVD:CVE-2009-0931

prion1 cve1 cvelist1 ubuntucve1 seebug1 gentoo1 openvas6 nessus4 fedora3