ID CVE-2012-5565 Type cve Reporter NVD Modified 2014-04-07T11:36:13
Description
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 4.3}, "vulnersScore": 4.3}, "published": "2014-04-05T17:55:06", "cvelist": ["CVE-2012-5565"], "hash": "f8528706dbd5aed981e3453312007a32fcda10110545e5813480be965865079f", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5565", "bulletinFamily": "NVD", "id": "CVE-2012-5565", "history": [], "scanner": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "modified": "2014-04-07T11:36:13", "title": "CVE-2012-5565", "cpe": ["cpe:/a:horde:imp:5.0.18", "cpe:/a:horde:imp:5.0.22", "cpe:/a:horde:imp:5.0.8", "cpe:/a:horde:imp:5.0.15", "cpe:/a:horde:groupware:4.0.4::webamail", "cpe:/a:horde:imp:5.0.13", "cpe:/a:horde:imp:5.0.5", "cpe:/a:horde:imp:5.0.20", "cpe:/a:horde:imp:5.0.10", "cpe:/a:horde:groupware:4.0.5::webamail", "cpe:/a:horde:imp:5.0.11", "cpe:/a:horde:imp:5.0.4", "cpe:/a:horde:imp:5.0.21", "cpe:/a:horde:imp:5.0.17", "cpe:/a:horde:groupware:4.0.1::webamail", "cpe:/a:horde:imp:5.0.9", "cpe:/a:horde:imp:5.0.16", "cpe:/a:horde:groupware:4.0:rc2:webamail", "cpe:/a:horde:groupware:4.0::webamail", "cpe:/a:horde:groupware:4.0:rc1:webamail", "cpe:/a:horde:imp:5.0.12", "cpe:/a:horde:groupware:4.0.2::webamail", "cpe:/a:horde:groupware:4.0.7::webamail", "cpe:/a:horde:imp:5.0.7", "cpe:/a:horde:imp:5.0.19", "cpe:/a:horde:groupware:4.0.8::webamail", "cpe:/a:horde:imp:5.0.6", "cpe:/a:horde:groupware:4.0.6::webamail", "cpe:/a:horde:groupware:4.0.3::webamail", "cpe:/a:horde:imp:5.0.14", "cpe:/a:horde:imp:5.0.23"], "viewCount": 0, "edition": 1, "assessment": {"system": "", "href": "", "name": ""}, "references": ["http://lists.horde.org/archives/announce/2012/000833.html", "http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html", "http://www.openwall.com/lists/oss-security/2012/11/23/6", "https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2", "http://lists.horde.org/archives/announce/2012/000840.html"], "lastseen": "2016-09-03T17:16:53", "description": "Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view."}
{"nessus": [{"lastseen": "2018-09-01T23:52:36", "references": ["http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html", "https://bugzilla.novell.com/show_bug.cgi?id=791179"], "pluginID": "74837", "description": "This version update to version 5.0.24 addresses CVE-2012-5565 (bnc#791179) to fix XSS vulnerabilities on the compose page (traditional view), the contacts popup window, and with certain IMAP mailbox names.", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : horde4-imp (openSUSE-SU-2012:1626-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5565"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:horde4-imp", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-843.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74837", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-843.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74837);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/13 14:32:39\");\n\n script_cve_id(\"CVE-2012-5565\");\n\n script_name(english:\"openSUSE Security Update : horde4-imp (openSUSE-SU-2012:1626-1)\");\n script_summary(english:\"Check for the openSUSE-2012-843 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version update to version 5.0.24 addresses CVE-2012-5565\n(bnc#791179) to fix XSS vulnerabilities on the compose page\n(traditional view), the contacts popup window, and with certain IMAP\nmailbox names.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791179\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected horde4-imp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:horde4-imp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"horde4-imp-5.0.24-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"horde4-imp-5.0.24-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde4-imp\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:42", "references": ["https://lists.horde.org/archives/announce/2012/000833.html", "https://lists.horde.org/archives/announce/2012/000840.html"], "pluginID": "63639", "description": "The version of IMP (Internet Mail Program) installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input when a user uploads an attachment. An attacker can use a specially crafted request to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. \n\nNote that Horde Groupware Webmail Edition is also affected as this bundle includes IMP.", "edition": 6, "reporter": "Tenable", "published": "2013-01-21T00:00:00", "title": "Horde IMP js/compose-dimp.js XSS", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CGI abuses : XSS", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5565"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:horde:imp"], "id": "IMP_UPLOAD_XSS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63639);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2012-5565\");\n script_bugtraq_id(56666);\n\n script_name(english:\"Horde IMP js/compose-dimp.js XSS\");\n script_summary(english:\"Checks compose-dimp.js for vulnerable code\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server hosts a PHP application that is affected by a\ncross-site scripting vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of IMP (Internet Mail Program) installed on the remote host\nis affected by a cross-site scripting vulnerability because it fails to\nproperly sanitize user-supplied input when a user uploads an attachment. \nAn attacker can use a specially crafted request to inject arbitrary HTML\nand script code into a user's browser to be executed within the security\ncontext of the affected site. \n\nNote that Horde Groupware Webmail Edition is also affected as this\nbundle includes IMP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2012/000833.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.horde.org/archives/announce/2012/000840.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to IMP H4 5.0.24 / Groupware Webmail Edition 4.0.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:horde:imp\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"imp_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/imp\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(\n appname : \"imp\",\n port : port,\n exit_on_fail : TRUE\n);\n\ndir = install[\"dir\"];\ninstall_url = build_url(port:port, qs:dir);\n\nurl = \"/js/compose-dimp.js\";\nres = http_send_recv3(\n method : \"GET\",\n item : dir + url,\n port : port,\n exit_on_fail : TRUE\n);\n\nvuln = FALSE;\n\nif (\"var DimpCompose\" >< res[2])\n{\n line = \"\\$\\('upload_wait'\\)\\.update\\(DimpCore\\.text\\.uploading \\+ ' \\(' \\+ \\$F\\(u\\) \\+ '\\)'\\)\\.show\\(\\);\";\n\n patch = \".escapeHTML()\";\n output = egrep(pattern:line, string:res[2]);\n\n if (output && patch >!< output) vuln = TRUE;\n}\n\nif (!vuln) audit(AUDIT_WEB_APP_NOT_AFFECTED, \"IMP\", install_url + \"/\");\n\nset_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n' + 'Nessus was able to verify the issue by examining the source of' +\n '\\n' + url + ' using the following URL : ' +\n '\\n' +\n '\\n ' + install_url + url +\n '\\n';\n\n if (report_verbosity > 1)\n {\n snip = crap(data:\"-\", length:30) +\" snip \"+ crap(data:\"-\", length:30) +'\\n';\n report +=\n '\\nNessus determined the following vulnerable code sequence has not' +\n '\\nbeen remedied in this version of IMP : ' +\n '\\n' +\n '\\n' + snip + chomp(output) +\n '\\n' + snip +\n '\\n';\n }\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
