ID: CVE-2012-5565
Type: cve
Reporter: NVD
Modified: 2014-04-07T11:36:13
Description
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.
{"reporter": "NVD", "enchantments": {"vulnersScore": 4.3}, "published": "2014-04-05T17:55:06", "cvelist": ["CVE-2012-5565"], "hash": "f8528706dbd5aed981e3453312007a32fcda10110545e5813480be965865079f", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5565", "bulletinFamily": "NVD", "id": "CVE-2012-5565", "history": [], "scanner": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "modified": "2014-04-07T11:36:13", "title": "CVE-2012-5565", "cpe": ["cpe:/a:horde:imp:5.0.18", "cpe:/a:horde:imp:5.0.22", "cpe:/a:horde:imp:5.0.8", "cpe:/a:horde:imp:5.0.15", "cpe:/a:horde:groupware:4.0.4::webamail", "cpe:/a:horde:imp:5.0.13", "cpe:/a:horde:imp:5.0.5", "cpe:/a:horde:imp:5.0.20", "cpe:/a:horde:imp:5.0.10", "cpe:/a:horde:groupware:4.0.5::webamail", "cpe:/a:horde:imp:5.0.11", "cpe:/a:horde:imp:5.0.4", "cpe:/a:horde:imp:5.0.21", "cpe:/a:horde:imp:5.0.17", "cpe:/a:horde:groupware:4.0.1::webamail", "cpe:/a:horde:imp:5.0.9", "cpe:/a:horde:imp:5.0.16", "cpe:/a:horde:groupware:4.0:rc2:webamail", "cpe:/a:horde:groupware:4.0::webamail", "cpe:/a:horde:groupware:4.0:rc1:webamail", "cpe:/a:horde:imp:5.0.12", "cpe:/a:horde:groupware:4.0.2::webamail", "cpe:/a:horde:groupware:4.0.7::webamail", "cpe:/a:horde:imp:5.0.7", "cpe:/a:horde:imp:5.0.19", "cpe:/a:horde:groupware:4.0.8::webamail", "cpe:/a:horde:imp:5.0.6", "cpe:/a:horde:groupware:4.0.6::webamail", "cpe:/a:horde:groupware:4.0.3::webamail", "cpe:/a:horde:imp:5.0.14", "cpe:/a:horde:imp:5.0.23"], "viewCount": 0, "edition": 1, "assessment": {"system": "", "href": "", "name": ""}, "references": ["http://lists.horde.org/archives/announce/2012/000833.html", "http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html", "http://www.openwall.com/lists/oss-security/2012/11/23/6", "https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2", "http://lists.horde.org/archives/announce/2012/000840.html"], "lastseen": 
"2016-09-03T17:16:53", "description": "Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view."}
{"result": {"nessus": [{"id": "OPENSUSE-2012-843.NASL", "type": "nessus", "title": "openSUSE Security Update : horde4-imp (openSUSE-SU-2012:1626-1)", "description": "This version update to version 5.0.24 addresses CVE-2012-5565 (bnc#791179) to fix XSS vulnerabilities on the compose page (traditional view), the contacts popup window, and with certain IMAP mailbox names.", "published": "2014-06-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74837", "cvelist": ["CVE-2012-5565"], "lastseen": "2017-10-29T13:40:14"}, {"id": "IMP_UPLOAD_XSS.NASL", "type": "nessus", "title": "Horde IMP js/compose-dimp.js XSS", "description": "The version of IMP (Internet Mail Program) installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input when a user uploads an attachment. An attacker can use a specially crafted request to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. \n\nNote that Horde Groupware Webmail Edition is also affected as this bundle includes IMP.", "published": "2013-01-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63639", "cvelist": ["CVE-2012-5565"], "lastseen": "2017-10-29T13:43:33"}]}}