Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2009-4363

Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."

  • Published: Dec 21, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-4363
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
horde / application_framework 3.0.2 3.0.2.x
horde / groupware 1.1 1.1.x
horde / application_framework 3.2.4 3.2.4.x
horde / application_framework 2.1 2.1.x
horde / groupware 1.0 1.0.x
horde / groupware 1.2.2 1.2.2.x
horde / application_framework 2.2.4_rc1 2.2.4_rc1.x
horde / groupware 1.1.5 1.1.5.x
horde / application_framework 3.2.1 3.2.1.x
horde / application_framework - 3.3.5.x
horde / application_framework 2.0 2.0.x
horde / application_framework 3.3.2 3.3.2.x
horde / application_framework 3.0.8 3.0.8.x
horde / groupware 1.2.1 1.2.1.x
horde / application_framework 3.0 3.0.x
horde / groupware 1.0.2 1.0.2.x
horde / application_framework 3.2.2 3.2.2.x
horde / groupware - 1.2.4.x
horde / groupware 1.0.1 1.0.1.x
horde / groupware 1.0.5 1.0.5.x
horde / application_framework 2.2 2.2.x
horde / groupware 1.1.1 1.1.1.x
horde / application_framework 2.2.3 2.2.3.x
horde / application_framework 3.0.7 3.0.7.x
horde / application_framework 2.2.1 2.2.1.x
horde / application_framework 2.2.6 2.2.6.x
horde / application_framework 2.1.3 2.1.3.x
horde / application_framework 3.0.4 3.0.4.x
horde / application_framework 3.1 3.1.x
horde / groupware 1.0.3 1.0.3.x
horde / application_framework 3.0.1 3.0.1.x
horde / application_framework 3.0.6 3.0.6.x
horde / application_framework 3.3.3 3.3.3.x
horde / groupware 1.1.3 1.1.3.x
horde / application_framework 2.2.5 2.2.5.x
horde / application_framework 3.3.4 3.3.4.x
horde / application_framework 3.2.3 3.2.3.x
horde / application_framework 3.3.1 3.3.1.x
horde / groupware 1.0.4 1.0.4.x
horde / application_framework 3.2 3.2.x
horde / groupware 1.2-rc1 1.2-rc1.x
horde / groupware 1.2 1.2.x
horde / application_framework 3.0.3 3.0.3.x
horde / application_framework 2.2.4 2.2.4.x
horde / application_framework 3.1.1 3.1.1.x
horde / groupware 1.1.4 1.1.4.x
horde / application_framework 3.0.9 3.0.9.x
horde / application_framework 3.3 3.3.x
horde / groupware 1.1.2 1.1.2.x
horde / groupware 1.2.3 1.2.3.x
horde / groupware 1.0-rc1 1.0-rc1.x
horde / groupware 1.0-rc2 1.0-rc2.x
horde / groupware 1.0.6 1.0.6.x
horde / groupware 1.0.7 1.0.7.x
horde / groupware 1.0.8 1.0.8.x
horde / groupware 1.1-rc1 1.1-rc1.x
horde / groupware 1.1-rc2 1.1-rc2.x
horde / groupware 1.1-rc3 1.1-rc3.x
horde / groupware 1.1-rc4 1.1-rc4.x
horde / groupware 1.1.6 1.1.6.x
horde / groupware 1.2.3-rc1 1.2.3-rc1.x