Cross-Site Scripting Vulnerability in Passwd Module by Horde
CVE-2009-2360
Currently unrated
What is CVE-2009-2360?
A Cross-Site Scripting (XSS) vulnerability exists in the Passwd module of Horde, specifically in the passwd/main.php file, prior to version 3.1.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the 'backend' parameter. Such vulnerabilities can be exploited to execute malicious scripts in the context of the user's browser, potentially compromising sensitive information and user sessions. It is crucial for users to ensure they are running an updated version of the Passwd module to safeguard against these types of attacks.
