Lucene search

MitreCVE-2014-4945

HistoryJul 14, 2014 - 2:55 p.m.

CVE-2014-4945

2014-07-1414:55:07

CWE-79

mitre

web.nvd.nist.gov

cve-2014-4945

cross-site scripting

xss

vulnerabilities

horde

imp

webmail

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

65.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.

Affected configurations

Nvd

Node

hordegroupwareRange≤5.1.4webmail

hordegroupwareMatch5.0.0webmail

hordegroupwareMatch5.0.0rc1webmail

hordegroupwareMatch5.0.1webmail

hordegroupwareMatch5.0.2webmail

hordegroupwareMatch5.0.3webmail

hordegroupwareMatch5.0.4webmail

hordegroupwareMatch5.0.5webmail

hordegroupwareMatch5.1.0webmail

hordegroupwareMatch5.1.0rc1webmail

hordegroupwareMatch5.1.1webmail

hordegroupwareMatch5.1.2webmail

hordegroupwareMatch5.1.3webmail

hordeinternet_mail_programRange≤6.1.7

hordeinternet_mail_programMatch6.0.0

hordeinternet_mail_programMatch6.0.0alpha1

hordeinternet_mail_programMatch6.0.0beta1

hordeinternet_mail_programMatch6.0.0beta2

hordeinternet_mail_programMatch6.0.0beta3

hordeinternet_mail_programMatch6.0.0beta4

hordeinternet_mail_programMatch6.0.0rc1

hordeinternet_mail_programMatch6.0.1

hordeinternet_mail_programMatch6.0.2

hordeinternet_mail_programMatch6.0.3

hordeinternet_mail_programMatch6.0.4

hordeinternet_mail_programMatch6.0.5

hordeinternet_mail_programMatch6.0.6

hordeinternet_mail_programMatch6.1.0

hordeinternet_mail_programMatch6.1.0beta1

hordeinternet_mail_programMatch6.1.0beta2

hordeinternet_mail_programMatch6.1.0rc1

hordeinternet_mail_programMatch6.1.1

hordeinternet_mail_programMatch6.1.2

hordeinternet_mail_programMatch6.1.3

hordeinternet_mail_programMatch6.1.4

hordeinternet_mail_programMatch6.1.5

hordeinternet_mail_programMatch6.1.6

VendorProductVersionCPE
hordegroupware*cpe:2.3:a:horde:groupware:*:*:*:*:webmail:*:*:*
hordegroupware5.0.0cpe:2.3:a:horde:groupware:5.0.0:*:*:*:webmail:*:*:*
hordegroupware5.0.0cpe:2.3:a:horde:groupware:5.0.0:rc1:*:*:webmail:*:*:*
hordegroupware5.0.1cpe:2.3:a:horde:groupware:5.0.1:*:*:*:webmail:*:*:*
hordegroupware5.0.2cpe:2.3:a:horde:groupware:5.0.2:*:*:*:webmail:*:*:*
hordegroupware5.0.3cpe:2.3:a:horde:groupware:5.0.3:*:*:*:webmail:*:*:*
hordegroupware5.0.4cpe:2.3:a:horde:groupware:5.0.4:*:*:*:webmail:*:*:*
hordegroupware5.0.5cpe:2.3:a:horde:groupware:5.0.5:*:*:*:webmail:*:*:*
hordegroupware5.1.0cpe:2.3:a:horde:groupware:5.1.0:*:*:*:webmail:*:*:*
hordegroupware5.1.0cpe:2.3:a:horde:groupware:5.1.0:rc1:*:*:webmail:*:*:*

Vendor	Product	Version	CPE
horde	groupware	*	cpe:2.3:a:horde:groupware:::::webmail:::*
horde	groupware	5.0.0	cpe:2.3:a:horde:groupware:5.0.0::::webmail:::
horde	groupware	5.0.0	cpe:2.3:a:horde:groupware:5.0.0:rc1:::webmail:::*
horde	groupware	5.0.1	cpe:2.3:a:horde:groupware:5.0.1::::webmail:::
horde	groupware	5.0.2	cpe:2.3:a:horde:groupware:5.0.2::::webmail:::
horde	groupware	5.0.3	cpe:2.3:a:horde:groupware:5.0.3::::webmail:::
horde	groupware	5.0.4	cpe:2.3:a:horde:groupware:5.0.4::::webmail:::
horde	groupware	5.0.5	cpe:2.3:a:horde:groupware:5.0.5::::webmail:::
horde	groupware	5.1.0	cpe:2.3:a:horde:groupware:5.1.0::::webmail:::
horde	groupware	5.1.0	cpe:2.3:a:horde:groupware:5.1.0:rc1:::webmail:::*

Rows per page:

1-10 of 371

References

lists.horde.org/archives/announce/2014/001019.html

lists.horde.org/archives/announce/2014/001025.html

secunia.com/advisories/59770

secunia.com/advisories/59772

github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES

github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

65.8%

JSON

Related for CVE-2014-4945