CVE-2009-4363

21.12.2009, 16:30

Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message.  NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Vendor	Product	Version
horde	application_framework	𝑥 ≤ 3.3.5
horde	application_framework	2.0
horde	application_framework	2.1
horde	application_framework	2.1.3
horde	application_framework	2.2
horde	application_framework	2.2.1
horde	application_framework	2.2.3
horde	application_framework	2.2.4
horde	application_framework	2.2.4_rc1:_rc1
horde	application_framework	2.2.5
horde	application_framework	2.2.6
horde	application_framework	3.0
horde	application_framework	3.0.1
horde	application_framework	3.0.2
horde	application_framework	3.0.3
horde	application_framework	3.0.4
horde	application_framework	3.0.6
horde	application_framework	3.0.7
horde	application_framework	3.0.8
horde	application_framework	3.0.9
horde	application_framework	3.1
horde	application_framework	3.1.1
horde	application_framework	3.2
horde	application_framework	3.2.1
horde	application_framework	3.2.2
horde	application_framework	3.2.3
horde	application_framework	3.2.4
horde	application_framework	3.3
horde	application_framework	3.3.1
horde	application_framework	3.3.2
horde	application_framework	3.3.3
horde	application_framework	3.3.4
horde	groupware	𝑥 ≤ 1.2.4
horde	groupware	1.0
horde	groupware	1.0.1
horde	groupware	1.0.2
horde	groupware	1.0.3
horde	groupware	1.0.4
horde	groupware	1.0.5
horde	groupware	1.1
horde	groupware	1.1.1
horde	groupware	1.1.2
horde	groupware	1.1.3
horde	groupware	1.1.4
horde	groupware	1.1.5
horde	groupware	1.2
horde	groupware	1.2:rc1
horde	groupware	1.2.1
horde	groupware	1.2.2
horde	groupware	1.2.3
horde	groupware	𝑥 ≤ 1.2.4
horde	groupware	1.0
horde	groupware	1.0:rc1
horde	groupware	1.0:rc2
horde	groupware	1.0.1
horde	groupware	1.0.2
horde	groupware	1.0.3
horde	groupware	1.0.4
horde	groupware	1.0.5
horde	groupware	1.0.6
horde	groupware	1.0.7
horde	groupware	1.0.8
horde	groupware	1.1
horde	groupware	1.1:rc1
horde	groupware	1.1:rc2
horde	groupware	1.1:rc3
horde	groupware	1.1:rc4
horde	groupware	1.1.1
horde	groupware	1.1.2
horde	groupware	1.1.3
horde	groupware	1.1.4
horde	groupware	1.1.5
horde	groupware	1.1.6
horde	groupware	1.2
horde	groupware	1.2:rc1
horde	groupware	1.2.1
horde	groupware	1.2.2
horde	groupware	1.2.3
horde	groupware	1.2.3:rc1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

horde3

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	ignored
jaunty	Fixed 3.2.2+debian0-2+lenny2build0.9.04.1 released
intrepid	ignored
hardy	ignored
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://bugs.horde.org/ticket/8715

http://bugs.horde.org/view.php?actionID=view_file&type=patch&file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch&ticket=8715

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h

http://lists.horde.org/archives/announce/2009/000529.html

http://marc.info/?l=horde-announce&m=126100750018478&w=2

http://marc.info/?l=horde-announce&m=126101076422179&w=2