Lucene search

K

RedhatCVELIST:CVE-2012-0791

HistoryJan 24, 2012 - 6:00 p.m.

CVE-2012-0791

2012-01-2418:00:00

redhat

www.cve.org

2

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

References

secunia.com/advisories/47580

secunia.com/advisories/47592

www.debian.org/security/2012/dsa-2485

www.horde.org/apps/imp/docs/CHANGES

www.horde.org/apps/imp/docs/RELEASE_NOTES

www.horde.org/apps/webmail/docs/CHANGES

www.horde.org/apps/webmail/docs/RELEASE_NOTES

www.openwall.com/lists/oss-security/2012/01/22/2

www.securityfocus.com/bid/51586

www.securitytracker.com/id?1026553

www.securitytracker.com/id?1026554

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

Related for CVELIST:CVE-2012-0791

suse1 openvas4 ubuntucve1 nessus5 cve1 prion1 securityvulns2 osv1 nvd1 debian1