Lucene search
HistoryJul 08, 2009 - 3:30 p.m.
CVE-2009-2360
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.
Affected configurations
Node
hordepasswdRange≤3.1
ORhordepasswdMatch2.0
ORhordepasswdMatch2.1
ORhordepasswdMatch2.2
ORhordepasswdMatch2.2.1
ORhordepasswdMatch2.2.2
References
Related
cvelist
cvelist
CVE-2009-2360
2009-07-08 15:00:00
cve
cve
CVE-2009-2360
2009-07-08 15:30:01
debian
debian
[SECURITY] [DSA 1829-2] New sork-passwd-h3 packages fix regression
2009-07-14 09:22:59
[SECURITY] [DSA 1829-1] New sork-passwd-h3 packages fix cross-site scripting
2009-07-11 07:24:54
openvas
openvas
Debian: Security Advisory (DSA-1829-1)
2009-07-29 00:00:00
Debian Security Advisory DSA 1829-2 (sork-passwd-h3)
2009-07-29 00:00:00
Debian Security Advisory DSA 1829-1 (sork-passwd-h3)
2009-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2009-2360
2009-07-08 00:00:00
securityvulns
securityvulns
nessus
nessus
Debian DSA-1829-1 : sork-passwd-h3 - insufficient input sanitising
2010-02-24 00:00:00
GLSA-200909-14 : Horde: Multiple vulnerabilities
2009-09-14 00:00:00
prion
prion
Cross site scripting
2009-07-08 15:30:00
gentoo
gentoo
Horde: Multiple vulnerabilities
2009-09-12 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
Related for NVD:CVE-2009-2360