Unrated severity · NVD Advisory · Published Dec 21, 2009 · Updated Jun 16, 2026
CVE-2009-3701
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
Affected products (64)
cpe:2.3:a:horde:application_framework:*:*:*:*:*:*:*:* (+ 32 more)
- cpe:2.3:a:horde:application_framework:*:*:*:*:*:*:*:* (range: <=3.3.5)
- cpe:2.3:a:horde:application_framework:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.4_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.4:*:*:*:*:*:*:*
- (no CPE) range: <3.3.6
cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:* (+ 29 more)
- cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:* (range: <=1.2.4)
- cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*
- (no CPE) range: <1.2.5
- Range: <1.2.5
References (13)
- lists.horde.org/archives/announce/2009/000529.html (nvd: Patch)
- marc.info (nvd: Patch)
- www.vupen.com/english/advisories/2009/3549 (nvd: Patch, Vendor Advisory)
- www.vupen.com/english/advisories/2009/3572 (nvd: Patch, Vendor Advisory)
- archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html (nvd: Exploit)
- www.securityfocus.com/bid/37351 (nvd: Exploit)
- secunia.com/advisories/37709 (nvd: Vendor Advisory)
- secunia.com/advisories/37823 (nvd: Vendor Advisory)
- cvs.horde.org/diff.php/horde/docs/CHANGES (nvd)
- marc.info (nvd)
- securitytracker.com/id (nvd)
- www.securityfocus.com/archive/1/508531/100/0/threaded (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/54817 (nvd)