CVE-2010-3693

2011-04-0121:00:00

redhat

www.cve.org

5.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

References

bugs.horde.org/ticket/9240

cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h

git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h

git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d

lists.horde.org/archives/announce/2010/000561.html

lists.horde.org/archives/announce/2010/000568.html

openwall.com/lists/oss-security/2010/09/30/7

openwall.com/lists/oss-security/2010/09/30/8

openwall.com/lists/oss-security/2010/10/01/6

secunia.com/advisories/41639

www.osvdb.org/68267

www.vupen.com/english/advisories/2010/2522

exchange.xforce.ibmcloud.com/vulnerabilities/62080