Unrated severityNVD Advisory· Published Mar 18, 2009· Updated Apr 23, 2026
CVE-2009-0934
CVE-2009-0934
Description
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
Affected products
17cpe:2.3:a:process-one:ejabberd:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:process-one:ejabberd:*:*:*:*:*:*:*:*range: <=2.0.3
- cpe:2.3:a:process-one:ejabberd:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.1_2:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:2.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- secunia.com/advisories/34340nvdVendor Advisory
- www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204nvdVendor Advisory
- osvdb.org/52714nvd
- secunia.com/advisories/34354nvd
- secunia.com/advisories/34781nvd
- www.debian.org/security/2009/dsa-1774nvd
- www.openwall.com/lists/oss-security/2009/03/16/1nvd
- www.securityfocus.com/bid/34133nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/49289nvd
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00675.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00735.htmlnvd
News mentions
0No linked articles in our index yet.