CVE-2009-3701

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

Published: 2009-12-21 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2009-3701 is rated High Exploit Risk (61.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.19%). Core evidence: 6 public exploit references are indexed (4 Exploit-DB entries plus 2 NVD references tagged Exploit). Mandatory action: public exploits are available, so assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2009-3701

EDB-ID Source Kind Published Link
10512 exploit_db edb 2009-12-17 Exploit-DB
33406 exploit_db edb 2009-12-15 Exploit-DB
33408 exploit_db edb 2009-12-15 Exploit-DB
33407 exploit_db edb 2009-12-15 Exploit-DB
n/a nvd_ref exploit_tag n/a Exploit-DB
n/a nvd_ref exploit_tag n/a Exploit-DB

Exploit prediction scoring system (EPSS) score for CVE-2009-3701

About EPSS: the score is recomputed daily and estimates the relative likelihood that this vulnerability will be exploited in the wild; the percentile ranks this CVE among all scored vulnerabilities (a higher percentile means a higher relative likelihood of exploitation, not a higher severity).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-06-01 2.27% 2.19% -0.08%
2 2025-03-30 1.84% 2.27% +0.43%
3 2025-03-29 n/a (first record) 1.84% n/a

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-3701

CVSS metrics for this CVE.

Base score: 4.3
Version: CVSS 2.0
Severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability subscore: 8.6
Impact subscore: 2.9
Score source: [email protected]

Vector breakdown:
Access vector (AV:N): exploitable remotely by any host with network reachability.
Access complexity (AC:M): exploitation needs some favorable conditions, but not exceptional ones.
Authentication (Au:N): no authentication is required.
Confidentiality impact (C:N): no confidentiality impact.
Integrity impact (I:P): partial integrity impact.
Availability impact (A:N): no availability impact.

Weakness enumeration for CVE-2009-3701

OS Trackers for CVE-2009-3701

vendor priority summary link
redhat medium https://access.redhat.com/security/cve/CVE-2009-3701
ubuntu low Ubuntu tracks CVE-2009-3701 at low priority for 1 source package (horde3), with 10 status rows across 10 suites (dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): ignored 4, not-affected 4, released 2. https://ubuntu.com/security/CVE-2009-3701

Affected software / configurations for CVE-2009-3701

Vendor Product Version Raw CPE
horde application_framework <= 3.3.5 cpe:2.3:a:horde:application_framework:*:*:*:*:*:*:*:*
horde application_framework 2.0 cpe:2.3:a:horde:application_framework:2.0:*:*:*:*:*:*:*
horde application_framework 2.1 cpe:2.3:a:horde:application_framework:2.1:*:*:*:*:*:*:*
horde application_framework 2.1.3 cpe:2.3:a:horde:application_framework:2.1.3:*:*:*:*:*:*:*
horde application_framework 2.2 cpe:2.3:a:horde:application_framework:2.2:*:*:*:*:*:*:*
horde application_framework 2.2.1 cpe:2.3:a:horde:application_framework:2.2.1:*:*:*:*:*:*:*
horde application_framework 2.2.3 cpe:2.3:a:horde:application_framework:2.2.3:*:*:*:*:*:*:*
horde application_framework 2.2.4 cpe:2.3:a:horde:application_framework:2.2.4:*:*:*:*:*:*:*
horde application_framework 2.2.4_rc1 cpe:2.3:a:horde:application_framework:2.2.4_rc1:*:*:*:*:*:*:*
horde application_framework 2.2.5 cpe:2.3:a:horde:application_framework:2.2.5:*:*:*:*:*:*:*
horde application_framework 2.2.6 cpe:2.3:a:horde:application_framework:2.2.6:*:*:*:*:*:*:*
horde application_framework 3.0 cpe:2.3:a:horde:application_framework:3.0:*:*:*:*:*:*:*
horde application_framework 3.0.1 cpe:2.3:a:horde:application_framework:3.0.1:*:*:*:*:*:*:*
horde application_framework 3.0.2 cpe:2.3:a:horde:application_framework:3.0.2:*:*:*:*:*:*:*
horde application_framework 3.0.3 cpe:2.3:a:horde:application_framework:3.0.3:*:*:*:*:*:*:*
horde application_framework 3.0.4 cpe:2.3:a:horde:application_framework:3.0.4:*:*:*:*:*:*:*
horde application_framework 3.0.6 cpe:2.3:a:horde:application_framework:3.0.6:*:*:*:*:*:*:*
horde application_framework 3.0.7 cpe:2.3:a:horde:application_framework:3.0.7:*:*:*:*:*:*:*
horde application_framework 3.0.8 cpe:2.3:a:horde:application_framework:3.0.8:*:*:*:*:*:*:*
horde application_framework 3.0.9 cpe:2.3:a:horde:application_framework:3.0.9:*:*:*:*:*:*:*
horde application_framework 3.1 cpe:2.3:a:horde:application_framework:3.1:*:*:*:*:*:*:*
horde application_framework 3.1.1 cpe:2.3:a:horde:application_framework:3.1.1:*:*:*:*:*:*:*
horde application_framework 3.2 cpe:2.3:a:horde:application_framework:3.2:*:*:*:*:*:*:*
horde application_framework 3.2.1 cpe:2.3:a:horde:application_framework:3.2.1:*:*:*:*:*:*:*
horde application_framework 3.2.2 cpe:2.3:a:horde:application_framework:3.2.2:*:*:*:*:*:*:*
horde application_framework 3.2.3 cpe:2.3:a:horde:application_framework:3.2.3:*:*:*:*:*:*:*
horde application_framework 3.2.4 cpe:2.3:a:horde:application_framework:3.2.4:*:*:*:*:*:*:*
horde application_framework 3.3 cpe:2.3:a:horde:application_framework:3.3:*:*:*:*:*:*:*
horde application_framework 3.3.1 cpe:2.3:a:horde:application_framework:3.3.1:*:*:*:*:*:*:*
horde application_framework 3.3.2 cpe:2.3:a:horde:application_framework:3.3.2:*:*:*:*:*:*:*
horde application_framework 3.3.3 cpe:2.3:a:horde:application_framework:3.3.3:*:*:*:*:*:*:*
horde application_framework 3.3.4 cpe:2.3:a:horde:application_framework:3.3.4:*:*:*:*:*:*:*
horde groupware <= 1.2.4 cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*
horde groupware 1.0 cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*
horde groupware 1.0.1 cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*
horde groupware 1.0.2 cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*
horde groupware 1.0.3 cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*
horde groupware 1.0.4 cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*
horde groupware 1.0.5 cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*
horde groupware 1.1 cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*
horde groupware 1.1.1 cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*
horde groupware 1.1.2 cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*
horde groupware 1.1.3 cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*
horde groupware 1.1.4 cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*
horde groupware 1.1.5 cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*
horde groupware 1.2 cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*
horde groupware 1.2 rc1 cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*
horde groupware 1.2.1 cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*
horde groupware 1.2.2 cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*
horde groupware 1.2.3 cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*
horde groupware 1.0 rc1 cpe:2.3:a:horde:groupware:1.0:rc1:*:*:*:*:*:*
horde groupware 1.0 rc2 cpe:2.3:a:horde:groupware:1.0:rc2:*:*:*:*:*:*
horde groupware 1.0.6 cpe:2.3:a:horde:groupware:1.0.6:*:*:*:*:*:*:*
horde groupware 1.0.7 cpe:2.3:a:horde:groupware:1.0.7:*:*:*:*:*:*:*
horde groupware 1.0.8 cpe:2.3:a:horde:groupware:1.0.8:*:*:*:*:*:*:*
horde groupware 1.1 rc1 cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*
horde groupware 1.1 rc2 cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*
horde groupware 1.1 rc3 cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*
horde groupware 1.1 rc4 cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*
horde groupware 1.1.6 cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*
horde groupware 1.2.3 rc1 cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*

References for CVE-2009-3701

URL Tags
http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html Exploit
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h
http://lists.horde.org/archives/announce/2009/000529.html Patch
http://marc.info/?l=horde-announce&m=126100750018478&w=2
http://marc.info/?l=horde-announce&m=126101076422179&w=2 Patch
http://secunia.com/advisories/37709 Vendor Advisory
http://secunia.com/advisories/37823 Vendor Advisory
http://securitytracker.com/id?1023365
http://www.securityfocus.com/archive/1/508531/100/0/threaded
http://www.securityfocus.com/bid/37351 Exploit
http://www.vupen.com/english/advisories/2009/3549 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/3572 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54817