CVE: CVE-2009-2360

CVSS v2.0 Base Score: 4.3

Vulnerability Details:
- The Passwd module contains a flaw that could allow an attacker to redirect a user's browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
- Consequences: Gain Access

Remediation:
- Upgrade to the latest version of the Passwd module (3.1.1 or later), available from the Horde Web site.

CVSS v2.0 Temporal Score: 3.7
- Exploitability: High
- Remediation Level: Official Fix
- Report Confidence: Confirmed

Affected Products:
- Horde Passwd 3.1

Dependent Products:
- Debian Linux 4.0
- Debian Linux 5.0

Coverage:
- Cross Site Scripting (Nov 11, 2008)
- HTTP_GETargscript (Feb 21, 2005)

References:
- Horde Web site
- SA35720
- BID-35573
- CVE-2009-2360