Unrated severityNVD Advisory· Published Mar 17, 2009· Updated Apr 23, 2026

CVE-2009-0930

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.

Affected products

Debian/Horde Imp2 versions
cpe:2.3:a:debian:horde_imp:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:debian:horde_imp:*:*:*:*:*:*:*:*range: <=4.0.2
- cpe:2.3:a:debian:horde_imp:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/33719nvdVendor Advisory
cvs.horde.org/co.php/imp/docs/CHANGESnvd
cvs.horde.org/co.php/imp/docs/CHANGESnvd
lists.horde.org/archives/announce/2009/000484.htmlnvd
lists.horde.org/archives/announce/2009/000485.htmlnvd
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlnvd
secunia.com/advisories/34418nvd
secunia.com/advisories/34703nvd
www.debian.org/security/2009/dsa-1770nvd
www.securityfocus.com/bid/33492nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000