VYPR
Unrated severityNVD Advisory· Published Dec 17, 2009· Updated Jun 16, 2026

CVE-2009-4353

CVE-2009-4353

Description

The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:transware:active\!_mail:*:-:mobile:*:*:*:*:*+ 1 more
    • cpe:2.3:a:transware:active\!_mail:*:-:mobile:*:*:*:*:*range: <=2003
    • (no CPE)range: < 2003.0139.0911

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.