HIGH🇵🇱 Wersja polska

CVE-2002-0181

CVSS 7.5v2.0pub. 2002-04-22upd. 2026-04-16

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Horde

    APP
    Horde
    1.2.7
  • Horde Imp

    APP
    Horde
    2.2.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2012-0209HIGH7.5ten sam produkt

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP betwee...

CVE-2008-7218HIGH10.0ten sam produkt

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba ...

CVE-2005-3344HIGH10.0ten sam produkt

The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows...

CVE-2003-0025HIGH7.5ten sam produkt

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized...

CVE-2001-1257HIGH7.5ten sam produkt

Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows rem...