Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0934

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0934
Last Modified 08 Jun 2009 01:25:42
Published 17 Mar 2009 10:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0934

Summary

Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.

Vulnerable Systems

Application

  • Process-one Ejabberd 0.9

  • Process-one Ejabberd 0.9.1

  • Process-one Ejabberd 0.9.8

  • Process-one Ejabberd 1.0.0

  • Process-one Ejabberd 1.1.0

  • Process-one Ejabberd 1.1.1

  • Process-one Ejabberd 1.1.1.0

  • Process-one Ejabberd 1.1.1.1

  • Process-one Ejabberd 1.1.14

  • Process-one Ejabberd 1.1.2

  • Process-one Ejabberd 1.1.3

  • Process-one Ejabberd 2.0.0

  • Process-one Ejabberd 2.0.1 2

  • Process-one Ejabberd 2.0.2

  • Process-one Ejabberd 2.0.3


References

FEDORA - FEDORA-2009-2746

FEDORA - FEDORA-2009-2747

XF - ejabberd-chatroom-xss(49289)

BID - 34133

CONFIRM - http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204

MLIST - [oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd

DEBIAN - DSA-1774

SECUNIA - 34781

SECUNIA - 34354

SECUNIA - 34340

OSVDB - 52714


Last Updated: 27 May 2016 10:50:25