Multiple Cross-Site Scripting Vulnerabilities in Horde Application Framework and Groupware
CVE-2009-3701

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
21 December 2009

What is CVE-2009-3701?

The Horde Application Framework and its Groupware components are susceptible to multiple cross-site scripting (XSS) vulnerabilities. Attackers can exploit these weaknesses through the administration interface, particularly via the PHP_SELF variable associated with specific scripts such as phpshell.php, cmdshell.php, or sqlshell.php located in the admin directory. This exposure allows unauthorized individuals to inject arbitrary HTML or web scripts, potentially compromising user data and application integrity.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.