Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2009-3701

Опубликовано: 21 дек. 2009
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

РелизСтатусПримечание
dapper

ignored

end of life
devel

not-affected

3.3.6+debian0-2
hardy

ignored

end of life
intrepid

ignored

end of life, was needed
jaunty

released

3.2.2+debian0-2+lenny2build0.9.04.1
karmic

ignored

end of life
lucid

not-affected

3.3.6+debian0-2
maverick

not-affected

3.3.6+debian0-2
natty

not-affected

3.3.6+debian0-2
oneiric

not-affected

3.3.6+debian0-2

Показывать по

Ссылки на источники

EPSS

Процентиль: 84%
0.02191
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2009-3701

redhat
около 16 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

nvd логотип

CVE-2009-3701

nvd
около 16 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

debian логотип

CVE-2009-3701

debian
около 16 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...

github логотип

GHSA-pfm3-37qv-rm2q

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

EPSS

Процентиль: 84%
0.02191
Низкий

4.3 Medium

CVSS2