Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
oryginał ENAV:N/AC:M/Au:N/C:N/I:P/A:NHorde Dynamic Imp
APPHorde1.01.11.1.11.1.21.1.31.1.41.1.51.1.65.05.0.15.0.105.0.115.0.125.0.135.0.14+ 11 więcejHorde Groupware Webmail Edition
APPHorde1.01.0.11.0.21.0.31.0.41.0.51.0.61.0.71.0.81.11.1.11.1.21.1.31.1.41.1.5+ 11 więcejHorde Imp
APPHorde2.02.22.2.12.2.22.2.32.2.42.2.52.2.62.2.72.2.82.33.03.13.1.23.2+ 33 więcej
Powiązane podatności
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mn...
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba ...
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impa...
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized...
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to exe...