Multiple Cross-Site Scripting Vulnerabilities in Horde Application Framework and Groupware Products
CVE-2009-3237

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
17 September 2009

What is CVE-2009-3237?

The Horde Application Framework and various Groupware products are susceptible to multiple cross-site scripting vulnerabilities. These issues arise from improper handling of user inputs, such as crafted number preferences and unknown MIME 'text parts'. Attackers can exploit these vulnerabilities to inject arbitrary web scripts or HTML, potentially leading to unauthorized actions on behalf of users. Updating to the latest versions of the affected products mitigates these risks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.