CVE-2009-0934 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Affected Products (NVD)

Vendor	Product	Version
process-one	ejabberd	𝑥 ≤ 2.0.3
process-one	ejabberd	0.9
process-one	ejabberd	0.9.1
process-one	ejabberd	0.9.8
process-one	ejabberd	1.0.0
process-one	ejabberd	1.1.0
process-one	ejabberd	1.1.1
process-one	ejabberd	1.1.1.0
process-one	ejabberd	1.1.1.1
process-one	ejabberd	1.1.2
process-one	ejabberd	1.1.3
process-one	ejabberd	1.1.14
process-one	ejabberd	2.0.0
process-one	ejabberd	2.0.0:beta1
process-one	ejabberd	2.0.0:rc1
process-one	ejabberd	2.0.1_2:_2
process-one	ejabberd	2.0.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ejabberd

bookworm	23.01-1 fixed
bullseye	21.01-2 fixed
etch	not-affected
sid	24.07-2 fixed
trixie	23.10-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

ejabberd

dapper	ignored
gutsy	ignored
hardy	ignored
intrepid	ignored
jaunty	ignored
karmic	not-affected
lucid	not-affected
maverick	not-affected
natty	not-affected
oneiric	not-affected

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://osvdb.org/52714

http://secunia.com/advisories/34340

http://secunia.com/advisories/34354

http://secunia.com/advisories/34781

http://www.debian.org/security/2009/dsa-1774

http://www.openwall.com/lists/oss-security/2009/03/16/1

http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204

http://www.securityfocus.com/bid/34133

https://exchange.xforce.ibmcloud.com/vulnerabilities/49289

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00675.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00735.html

http://osvdb.org/52714

http://secunia.com/advisories/34340

http://secunia.com/advisories/34354

http://secunia.com/advisories/34781

http://www.debian.org/security/2009/dsa-1774

http://www.openwall.com/lists/oss-security/2009/03/16/1

http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204

http://www.securityfocus.com/bid/34133

https://exchange.xforce.ibmcloud.com/vulnerabilities/49289

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00675.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00735.html