6 matches found
CVE-2010-4778
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver)...
CVE-2010-4778
Horde IMP prior to 4.3.8 and Horde Groupware Webmail Edition prior to 1.2.7 contain multiple XSS vulnerabilities in fetchmailprefs.php (fetchmail_prefs_save action). The issues allow remote attackers to inject arbitrary web script or HTML via vulnerable fields, specifically (for CVE-2010-4778) th...
CVE-2010-3695
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration...
CVE-2010-3695
CVE-2010-3695 is a cross-site scripting (XSS) vulnerability in Horde IMP (before 4.3.8) and Horde Groupware Webmail Edition (before 1.2.7). The flaw allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in the fetchmail_prefs_save action (Fetchmail configuration)....
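Horde IMP Webmail fetchmailprefs.php Stored Cross-Site Scripting Vulnerability
BUGTRAQ ID: 43515 IMP is a powerful web-based mail program developed by the Horde project that runs on Linux/Unix or Windows operating systems. IMP Webmail does not properly filter the fmid URL parameter submitted to the fetchmailprefs.php script, so a remote attacker can carry out a stored cross-site scripting attack by submitting a malicious URL request. The injected code executes when the user visits the mail fetching preferences page. Horde IMP 4.3.7 Vendor patch: Horde ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...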
XSS in Horde IMP <=4.3.7, fetchmailprefs.php
Hi, Horde IMP v4.3.7 and lower are subject to a cross-site scripting (XSS) vulnerability: The fetchmailprefs.php script fails to properly sanitize user supplied input to the 'fmid' URL parameter. If exploited, injected code will be persistent (persistent XSS) and will execute once the user manually...