What is the severity of CVE-2009-4363?

CVE-2009-4363 has a high severity rating as it allows remote attackers to perform cross-site scripting attacks.

How do I fix CVE-2009-4363?

To fix CVE-2009-4363, upgrade the Horde Application Framework to version 3.3.6 or later, or Horde Groupware to version 1.2.5 or later.

What software is affected by CVE-2009-4363?

CVE-2009-4363 affects multiple versions of the Horde Application Framework and Horde Groupware up to specified versions.

What kind of attack does CVE-2009-4363 allow?

CVE-2009-4363 allows remote attackers to exploit cross-site scripting (XSS) vulnerabilities using data: URIs.

Who can exploit CVE-2009-4363?

Any remote attacker can exploit CVE-2009-4363 if they can inject malicious data: URIs into web pages served by the affected Horde applications.

Vulnerability/
CVE-2009-4363

medium

4.3

CWE

21/12/2009

17/9/2024

CVE-2009-4363: XSS

First published: Mon Dec 21 2009(Updated: )

Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Horde Horde application framework	<=3.3.5
Horde Horde application framework	=2.0
Horde Horde application framework	=2.1
Horde Horde application framework	=2.1.3
Horde Horde application framework	=2.2
Horde Horde application framework	=2.2.1
Horde Horde application framework	=2.2.3
Horde Horde application framework	=2.2.4
Horde Horde application framework	=2.2.4_rc1
Horde Horde application framework	=2.2.5
Horde Horde application framework	=2.2.6
Horde Horde application framework	=3.0
Horde Horde application framework	=3.0.1
Horde Horde application framework	=3.0.2
Horde Horde application framework	=3.0.3
Horde Horde application framework	=3.0.4
Horde Horde application framework	=3.0.6
Horde Horde application framework	=3.0.7
Horde Horde application framework	=3.0.8
Horde Horde application framework	=3.0.9
Horde Horde application framework	=3.1
Horde Horde application framework	=3.1.1
Horde Horde application framework	=3.2
Horde Horde application framework	=3.2.1
Horde Horde application framework	=3.2.2
Horde Horde application framework	=3.2.3
Horde Horde application framework	=3.2.4
Horde Horde application framework	=3.3
Horde Horde application framework	=3.3.1
Horde Horde application framework	=3.3.2
Horde Horde application framework	=3.3.3
Horde Horde application framework	=3.3.4
Horde Groupware Webmail Edition	<=1.2.4
Horde Groupware Webmail Edition	=1.0
Horde Groupware Webmail Edition	=1.0.1
Horde Groupware Webmail Edition	=1.0.2
Horde Groupware Webmail Edition	=1.0.3
Horde Groupware Webmail Edition	=1.0.4
Horde Groupware Webmail Edition	=1.0.5
Horde Groupware Webmail Edition	=1.1
Horde Groupware Webmail Edition	=1.1.1
Horde Groupware Webmail Edition	=1.1.2
Horde Groupware Webmail Edition	=1.1.3
Horde Groupware Webmail Edition	=1.1.4
Horde Groupware Webmail Edition	=1.1.5
Horde Groupware Webmail Edition	=1.2
Horde Groupware Webmail Edition	=1.2-rc1
Horde Groupware Webmail Edition	=1.2.1
Horde Groupware Webmail Edition	=1.2.2
Horde Groupware Webmail Edition	=1.2.3
Horde Groupware Webmail Edition	=1.0-rc1
Horde Groupware Webmail Edition	=1.0-rc2
Horde Groupware Webmail Edition	=1.0.6
Horde Groupware Webmail Edition	=1.0.7
Horde Groupware Webmail Edition	=1.0.8
Horde Groupware Webmail Edition	=1.1-rc1
Horde Groupware Webmail Edition	=1.1-rc2
Horde Groupware Webmail Edition	=1.1-rc3
Horde Groupware Webmail Edition	=1.1-rc4
Horde Groupware Webmail Edition	=1.1.6
Horde Groupware Webmail Edition	=1.2.3-rc1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4363?
CVE-2009-4363 has a high severity rating as it allows remote attackers to perform cross-site scripting attacks.
How do I fix CVE-2009-4363?
To fix CVE-2009-4363, upgrade the Horde Application Framework to version 3.3.6 or later, or Horde Groupware to version 1.2.5 or later.
What software is affected by CVE-2009-4363?
CVE-2009-4363 affects multiple versions of the Horde Application Framework and Horde Groupware up to specified versions.
What kind of attack does CVE-2009-4363 allow?
CVE-2009-4363 allows remote attackers to exploit cross-site scripting (XSS) vulnerabilities using data: URIs.
Who can exploit CVE-2009-4363?
Any remote attacker can exploit CVE-2009-4363 if they can inject malicious data: URIs into web pages served by the affected Horde applications.

agent/type
agent/severity
agent/references
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/horde
canonical/horde horde application framework
version/horde horde application framework/3.3.5
version/horde horde application framework/2.0
version/horde horde application framework/2.1
version/horde horde application framework/2.1.3
version/horde horde application framework/2.2
version/horde horde application framework/2.2.1
version/horde horde application framework/2.2.3
version/horde horde application framework/2.2.4
version/horde horde application framework/2.2.4_rc1
version/horde horde application framework/2.2.5
version/horde horde application framework/2.2.6
version/horde horde application framework/3.0
version/horde horde application framework/3.0.1
version/horde horde application framework/3.0.2
version/horde horde application framework/3.0.3
version/horde horde application framework/3.0.4
version/horde horde application framework/3.0.6
version/horde horde application framework/3.0.7
version/horde horde application framework/3.0.8
version/horde horde application framework/3.0.9
version/horde horde application framework/3.1
version/horde horde application framework/3.1.1
version/horde horde application framework/3.2
version/horde horde application framework/3.2.1
version/horde horde application framework/3.2.2
version/horde horde application framework/3.2.3
version/horde horde application framework/3.2.4
version/horde horde application framework/3.3
version/horde horde application framework/3.3.1
version/horde horde application framework/3.3.2
version/horde horde application framework/3.3.3
version/horde horde application framework/3.3.4
canonical/horde groupware webmail edition
version/horde groupware webmail edition/1.2.4
version/horde groupware webmail edition/1.0
version/horde groupware webmail edition/1.0.1
version/horde groupware webmail edition/1.0.2
version/horde groupware webmail edition/1.0.3
version/horde groupware webmail edition/1.0.4
version/horde groupware webmail edition/1.0.5
version/horde groupware webmail edition/1.1
version/horde groupware webmail edition/1.1.1
version/horde groupware webmail edition/1.1.2
version/horde groupware webmail edition/1.1.3
version/horde groupware webmail edition/1.1.4
version/horde groupware webmail edition/1.1.5
version/horde groupware webmail edition/1.2
version/horde groupware webmail edition/1.2-rc1
version/horde groupware webmail edition/1.2.1
version/horde groupware webmail edition/1.2.2
version/horde groupware webmail edition/1.2.3
version/horde groupware webmail edition/1.0-rc1
version/horde groupware webmail edition/1.0-rc2
version/horde groupware webmail edition/1.0.6
version/horde groupware webmail edition/1.0.7
version/horde groupware webmail edition/1.0.8
version/horde groupware webmail edition/1.1-rc1
version/horde groupware webmail edition/1.1-rc2
version/horde groupware webmail edition/1.1-rc3
version/horde groupware webmail edition/1.1-rc4
version/horde groupware webmail edition/1.1.6
version/horde groupware webmail edition/1.2.3-rc1

CVE-2009-4363: XSS

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4363?

How do I fix CVE-2009-4363?

What software is affected by CVE-2009-4363?

What kind of attack does CVE-2009-4363 allow?

Who can exploit CVE-2009-4363?

Company

Resources

Contact