Lucene search

[email protected]NVD:CVE-2012-0791

HistoryJan 24, 2012 - 6:55 p.m.

CVE-2012-0791

2012-01-2418:55:01

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

hordedynamic_impRange≤5.0.17

hordedynamic_impMatch1.0

hordedynamic_impMatch1.0alpha

hordedynamic_impMatch1.0rc1

hordedynamic_impMatch1.0rc2

hordedynamic_impMatch1.0rc3

hordedynamic_impMatch1.1

hordedynamic_impMatch1.1rc1

hordedynamic_impMatch1.1rc2

hordedynamic_impMatch1.1.1

hordedynamic_impMatch1.1.2

hordedynamic_impMatch1.1.3

hordedynamic_impMatch1.1.4

hordedynamic_impMatch1.1.5

hordedynamic_impMatch1.1.6

hordedynamic_impMatch5.0

hordedynamic_impMatch5.0.1

hordedynamic_impMatch5.0.2

hordedynamic_impMatch5.0.3

hordedynamic_impMatch5.0.4

hordedynamic_impMatch5.0.5

hordedynamic_impMatch5.0.6

hordedynamic_impMatch5.0.7

hordedynamic_impMatch5.0.8

hordedynamic_impMatch5.0.9

hordedynamic_impMatch5.0.10

hordedynamic_impMatch5.0.11

hordedynamic_impMatch5.0.12

hordedynamic_impMatch5.0.13

hordedynamic_impMatch5.0.14

hordedynamic_impMatch5.0.15

hordedynamic_impMatch5.0.16

hordeimpMatch2.0

hordeimpMatch2.2

hordeimpMatch2.2.1

hordeimpMatch2.2.2

hordeimpMatch2.2.3

hordeimpMatch2.2.4

hordeimpMatch2.2.5

hordeimpMatch2.2.6

hordeimpMatch2.2.7

hordeimpMatch2.2.8

hordeimpMatch2.3

hordeimpMatch3.0

hordeimpMatch3.1

hordeimpMatch3.1.2

hordeimpMatch3.2

hordeimpMatch3.2.1

hordeimpMatch3.2.2

hordeimpMatch3.2.3

hordeimpMatch3.2.4

hordeimpMatch3.2.5

hordeimpMatch3.2.6

hordeimpMatch3.2.7

hordeimpMatch3.2.7rc1

hordeimpMatch4.0

hordeimpMatch4.0.1

hordeimpMatch4.0.2

hordeimpMatch4.0.3

hordeimpMatch4.0.4

hordeimpMatch4.1.3

hordeimpMatch4.1.5

hordeimpMatch4.1.6

hordeimpMatch4.2

hordeimpMatch4.2.1

hordeimpMatch4.2.2

hordeimpMatch4.3

hordeimpMatch4.3.1

hordeimpMatch4.3.2

hordeimpMatch4.3.3

hordeimpMatch4.3.4

hordeimpMatch4.3.5

hordeimpMatch4.3.6

hordeimpMatch4.3.7

hordeimpMatch4.3.8

hordeimpMatch4.3.9

hordeimpMatch5.0

hordeimpMatch5.0alpha1

hordeimpMatch5.0beta1

hordeimpMatch5.0rc1

hordeimpMatch5.0rc2

hordeimpMatch5.0.1

hordeimpMatch5.0.2

hordeimpMatch5.0.3

hordeimpMatch5.0.4-git

Node

hordegroupware_webmail_editionRange≤4.0.5

hordegroupware_webmail_editionMatch1.0

hordegroupware_webmail_editionMatch1.0rc1

hordegroupware_webmail_editionMatch1.0rc2

hordegroupware_webmail_editionMatch1.0.1

hordegroupware_webmail_editionMatch1.0.2

hordegroupware_webmail_editionMatch1.0.3

hordegroupware_webmail_editionMatch1.0.4

hordegroupware_webmail_editionMatch1.0.5

hordegroupware_webmail_editionMatch1.0.6

hordegroupware_webmail_editionMatch1.0.7

hordegroupware_webmail_editionMatch1.0.8

hordegroupware_webmail_editionMatch1.1

hordegroupware_webmail_editionMatch1.1rc1

hordegroupware_webmail_editionMatch1.1rc2

hordegroupware_webmail_editionMatch1.1rc3

hordegroupware_webmail_editionMatch1.1rc4

hordegroupware_webmail_editionMatch1.1.1

hordegroupware_webmail_editionMatch1.1.2

hordegroupware_webmail_editionMatch1.1.3

hordegroupware_webmail_editionMatch1.1.4

hordegroupware_webmail_editionMatch1.1.5

hordegroupware_webmail_editionMatch1.1.6

hordegroupware_webmail_editionMatch1.2

hordegroupware_webmail_editionMatch1.2rc1

hordegroupware_webmail_editionMatch1.2.1

hordegroupware_webmail_editionMatch1.2.2

hordegroupware_webmail_editionMatch1.2.3

hordegroupware_webmail_editionMatch1.2.3rc1

hordegroupware_webmail_editionMatch1.2.4

hordegroupware_webmail_editionMatch1.2.5

hordegroupware_webmail_editionMatch1.2.6

hordegroupware_webmail_editionMatch1.2.7

hordegroupware_webmail_editionMatch1.2.8

hordegroupware_webmail_editionMatch1.2.9

hordegroupware_webmail_editionMatch1.2.10

hordegroupware_webmail_editionMatch4.0

hordegroupware_webmail_editionMatch4.0rc1

hordegroupware_webmail_editionMatch4.0rc2

hordegroupware_webmail_editionMatch4.0.1

hordegroupware_webmail_editionMatch4.0.2

hordegroupware_webmail_editionMatch4.0.3

hordegroupware_webmail_editionMatch4.0.4

References

secunia.com/advisories/47580

secunia.com/advisories/47592

www.debian.org/security/2012/dsa-2485

www.horde.org/apps/imp/docs/CHANGES

www.horde.org/apps/imp/docs/RELEASE_NOTES

www.horde.org/apps/webmail/docs/CHANGES

www.horde.org/apps/webmail/docs/RELEASE_NOTES

www.openwall.com/lists/oss-security/2012/01/22/2

www.securityfocus.com/bid/51586

www.securitytracker.com/id?1026553

www.securitytracker.com/id?1026554

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for NVD:CVE-2012-0791

openvas4 prion1 securityvulns2 osv1 suse1 cvelist1 cve1 nessus5 ubuntucve1 debian1