CVE-2009-3701
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Title source: llm
Exploitation Summary
EIP tracks 4 public exploits for CVE-2009-3701. PoCs published by Juan Galiana Lara.
AI-analyzed exploit summary
This is a vulnerability advisory detailing a Cross-Site Scripting (XSS) vulnerability in Horde 3.3.5 due to improper filtering of the PHP_SELF variable. The advisory includes a proof-of-concept demonstrating the XSS via crafted URLs.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
Exploits (4)
This is a vulnerability advisory detailing a Cross-Site Scripting (XSS) vulnerability in Horde 3.3.5 due to improper filtering of the PHP_SELF variable. The advisory includes a proof-of-concept demonstrating the XSS via crafted URLs.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Horde Framework versions prior to 3.3.6. The PoC shows how an attacker can inject arbitrary JavaScript code via a crafted URL, potentially leading to session hijacking or other client-side attacks.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Horde Framework versions prior to 3.3.6. The PoC shows how an attacker can inject arbitrary JavaScript code via a crafted URL, potentially leading to session hijacking or other client-side attacks.
The provided text describes a cross-site scripting (XSS) vulnerability in the Horde Framework prior to version 3.3.6. It includes a proof-of-concept URL demonstrating the vulnerability but lacks executable exploit code.