Lucene search

[email protected]CVE-2010-3693

HistoryApr 04, 2011 - 12:27 p.m.

CVE-2010-3693

2011-04-0412:27:36

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-3693

cross-site scripting

xss

horde dynamic imp

dimp

horde groupware webmail edition

mailbox names

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

Affected configurations

NVD

Node

hordegroupwareRange≤1.2.6

hordegroupwareMatch1.0

hordegroupwareMatch1.0rc1

hordegroupwareMatch1.0rc2

hordegroupwareMatch1.0.1

hordegroupwareMatch1.0.2

hordegroupwareMatch1.0.3

hordegroupwareMatch1.0.4

hordegroupwareMatch1.0.5

hordegroupwareMatch1.0.6

hordegroupwareMatch1.0.7

hordegroupwareMatch1.0.8

hordegroupwareMatch1.1

hordegroupwareMatch1.1rc1

hordegroupwareMatch1.1rc2

hordegroupwareMatch1.1rc3

hordegroupwareMatch1.1rc4

hordegroupwareMatch1.1.1

hordegroupwareMatch1.1.2

hordegroupwareMatch1.1.3

hordegroupwareMatch1.1.4

hordegroupwareMatch1.1.5

hordegroupwareMatch1.1.6

hordegroupwareMatch1.2

hordegroupwareMatch1.2rc1

hordegroupwareMatch1.2.1

hordegroupwareMatch1.2.2

hordegroupwareMatch1.2.3

hordegroupwareMatch1.2.3rc1

hordegroupwareMatch1.2.4

hordegroupwareMatch1.2.5

Node

hordedynamic_impRange≤1.1.4

hordedynamic_impMatch1.0

hordedynamic_impMatch1.0alpha

hordedynamic_impMatch1.0rc1

hordedynamic_impMatch1.0rc2

hordedynamic_impMatch1.0rc3

hordedynamic_impMatch1.1

hordedynamic_impMatch1.1rc1

hordedynamic_impMatch1.1rc2

hordedynamic_impMatch1.1.1

hordedynamic_impMatch1.1.2

hordedynamic_impMatch1.1.3

CPENameOperatorVersion
horde:groupwarehorde groupwarele1.2.6
horde:groupwarehorde groupwareeq1.0
horde:groupwarehorde groupwareeq1.0.1
horde:groupwarehorde groupwareeq1.0.2
horde:groupwarehorde groupwareeq1.0.3
horde:groupwarehorde groupwareeq1.0.4
horde:groupwarehorde groupwareeq1.0.5
horde:groupwarehorde groupwareeq1.0.6
horde:groupwarehorde groupwareeq1.0.7
horde:groupwarehorde groupwareeq1.0.8

CPE	Name	Operator	Version
horde:groupware	horde groupware	le	1.2.6
horde:groupware	horde groupware	eq	1.0
horde:groupware	horde groupware	eq	1.0.1
horde:groupware	horde groupware	eq	1.0.2
horde:groupware	horde groupware	eq	1.0.3
horde:groupware	horde groupware	eq	1.0.4
horde:groupware	horde groupware	eq	1.0.5
horde:groupware	horde groupware	eq	1.0.6
horde:groupware	horde groupware	eq	1.0.7
horde:groupware	horde groupware	eq	1.0.8

Rows per page:

1-10 of 231

References

bugs.horde.org/ticket/9240

cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h

git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h

git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d

lists.horde.org/archives/announce/2010/000561.html

lists.horde.org/archives/announce/2010/000568.html

openwall.com/lists/oss-security/2010/09/30/7

openwall.com/lists/oss-security/2010/09/30/8

openwall.com/lists/oss-security/2010/10/01/6

secunia.com/advisories/41639

www.osvdb.org/68267

www.vupen.com/english/advisories/2010/2522

exchange.xforce.ibmcloud.com/vulnerabilities/62080

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2010-3693

nvd1 ubuntucve1 cvelist1 prion1