Cross-Site Scripting Vulnerability in Passwd Module by Horde
CVE-2009-2360

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
8 July 2009

What is CVE-2009-2360?

A Cross-Site Scripting (XSS) vulnerability exists in the Passwd module of Horde, specifically in the passwd/main.php file, prior to version 3.1.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the 'backend' parameter. Such vulnerabilities can be exploited to execute malicious scripts in the context of the user's browser, potentially compromising sensitive information and user sessions. It is crucial for users to ensure they are running an updated version of the Passwd module to safeguard against these types of attacks.

References

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.