Unrated severity · NVD Advisory · Published Dec 21, 2009 · Updated Apr 23, 2026
CVE-2009-3701
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
Affected products (61)
cpe:2.3:a:horde:application_framework:*:*:*:*:*:*:*:* + 31 more
- cpe:2.3:a:horde:application_framework:*:*:*:*:*:*:*:* (range: <=3.3.5)
- cpe:2.3:a:horde:application_framework:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.4_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:application_framework:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:* + 28 more
- cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:* (range: <=1.2.4)
- cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*
Patches (0)
No patches discovered yet.
References (13)
- lists.horde.org/archives/announce/2009/000529.html (nvd; Patch)
- marc.info (nvd; Patch)
- www.vupen.com/english/advisories/2009/3549 (nvd; Patch, Vendor Advisory)
- www.vupen.com/english/advisories/2009/3572 (nvd; Patch, Vendor Advisory)
- archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html (nvd; Exploit)
- www.securityfocus.com/bid/37351 (nvd; Exploit)
- secunia.com/advisories/37709 (nvd; Vendor Advisory)
- secunia.com/advisories/37823 (nvd; Vendor Advisory)
- cvs.horde.org/diff.php/horde/docs/CHANGES (nvd)
- marc.info (nvd)
- securitytracker.com/id (nvd)
- www.securityfocus.com/archive/1/508531/100/0/threaded (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/54817 (nvd)