8 matches found
EUVD-2005-1322
Malware in sbrugna...
Horde IMP Webmail <= 4.0.4 Client Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/22975/info Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue, because the application fails to properly sanitize user-supplied input...
Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection
source: https://www.securityfocus.com/bid/43515/info Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML or JavaScript code could run in the context of the affected...
[Full-disclosure] Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Horde IMP Webmail Client version H3 4.1.4 was released a few hours ago. It contains fixes for 2 XSS issues compared to 4.1.4 RC1. 1. Script injection through email subject lines in threaded view Subject lines of emails, when displayed in vulnerabl...
Horde IMP Webmail 4.0.4 Client - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/22975/info Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and scrip...
CVE-2005-1319
Cross-site scripting XSS vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title...
CVE-2005-1319
CVE-2005-1319 describes a cross-site scripting (XSS) vulnerability in the Horde IMP Webmail client, affecting versions prior to 3.2.8. The root cause is unsanitized input used to set the parent frame page title, allowing remote attackers to inject arbitrary script/HTML. Public references (NVD, SU...
Horde Imp Webmail status.php3 message Parameter XSS
The remote server is running IMP 2.2.7. Such versions are potentially affected by a cross-site scripting attack which can be used by an attacker to hijack a victim's IMP session. Nessus solely relied on the version number of your installation, so if you applied the hotfix already, consider this...