CVE-2009-4363
published 2009-12-21

Priority: P4 · 14
CVSS 2.0: 4.3 (medium), AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.37% (68.5th percentile)
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."

Affected

53 ranges · showing 25
Vendor | Product | Version range | Fixed in
horde | application_framework | <= 3.3.5 |

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat: 4.3 MEDIUM