MEDIUM🇵🇱 Wersja polska

CVE-2012-6640

CVSS 4.3v2.0pub. 2014-04-05upd. 2026-05-06

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Horde Groupware

    APP
    Horde
    4.04.0.14.0.24.0.34.0.44.0.54.0.64.0.7≤ 4.0.8
  • Horde Imp

    APP
    Horde
    5.05.0.15.0.105.0.115.0.125.0.135.0.145.0.155.0.165.0.175.0.185.0.195.0.25.0.205.0.3+ 7 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2020-8518CRITICAL9.8ten sam produkt

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote ...

CVE-2022-30287HIGH8.0ten sam produkt

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker ...

CVE-2013-6364HIGH8.8ten sam produkt

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

CVE-2019-12095HIGH8.8ten sam produkt

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as dem...

CVE-2019-9858HIGH8.8ten sam produkt

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contain...