Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0931

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0931
Last Modified 18 Mar 2009 12:23:08
Published 17 Mar 2009 05:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0931

Summary

Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Debian Horde 3.2.2

  • Debian Horde 3.2.3

  • Debian Horde 3.3

  • Debian Horde 3.3.1

  • Debian Horde 3.3.2

  • Debian Horde Groupware 1.1.1

  • Debian Horde Groupware 1.1.2

  • Debian Horde Groupware 1.1.3

  • Debian Horde Groupware 1.1.4


References

BID - 33491

SECUNIA - 33695

MLIST - [announce] 20090127 Horde Groupware 1.1.5 (final)

MLIST - [announce] 20090127 Horde 3.2.4 (final)

MLIST - [announce] 20090127 Horde 3.3.3 (final)

CONFIRM - http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503

CONFIRM - http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5

CONFIRM - http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5


Last Updated: 27 May 2016 10:50:25