Multiple Cross-Site Scripting Vulnerabilities in Horde Application Framework and Groupware
CVE-2009-3701
Currently unrated
What is CVE-2009-3701?
The Horde Application Framework and its Groupware components are susceptible to multiple cross-site scripting (XSS) vulnerabilities. Attackers can exploit these weaknesses through the administration interface, particularly via the PHP_SELF variable associated with specific scripts such as phpshell.php, cmdshell.php, or sqlshell.php located in the admin directory. This exposure allows unauthorized individuals to inject arbitrary HTML or web scripts, potentially compromising user data and application integrity.
