CVE-2009-0931
published 2009-03-17CVE-2009-0931: Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.03%
78.6th percentile
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | horde | <= 3.3.1 | — |
| debian | horde | <= 3.3.2 | — |
| debian | horde | — | — |
| debian | horde | — | — |
| debian | horde | — | — |
| debian | horde_groupware | <= 1.1.1 | — |
| debian | horde_groupware | <= 1.1.2 | — |
| debian | horde_groupware | <= 1.1.3 | — |
| debian | horde_groupware | <= 1.1.4 | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5mv3-qrx8-v8x3: Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search
ghsa_unreviewed·2022-05-02
CVE-2009-0931 [MEDIUM] CWE-79 GHSA-5mv3-qrx8-v8x3: Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Red Hat
horde: XSS vulnerability and directory traversal vulnerability
vendor_redhat·2009-01-27·CVSS 4.3
CVE-2009-0931 [MEDIUM] CWE-79 horde: XSS vulnerability and directory traversal vulnerability
horde: XSS vulnerability and directory traversal vulnerability
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
No detection rules found.
No public exploits indexed.
http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503http://lists.horde.org/archives/announce/2009/000482.htmlhttp://lists.horde.org/archives/announce/2009/000483.htmlhttp://lists.horde.org/archives/announce/2009/000486.htmlhttp://secunia.com/advisories/33695http://www.securityfocus.com/bid/33491http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503http://lists.horde.org/archives/announce/2009/000482.htmlhttp://lists.horde.org/archives/announce/2009/000483.htmlhttp://lists.horde.org/archives/announce/2009/000486.htmlhttp://secunia.com/advisories/33695http://www.securityfocus.com/bid/33491
2009-03-17
Published