14 matches found
PT-2025-12433 · Horde +1 · Horde Imp +2
Name of the Vulnerable Software and Affected Versions: Horde IMP versions prior to 6.2.27; Horde Application Framework versions prior to 5.2.23. Description: A Cross-Site Scripting (XSS) vulnerability was discovered in Horde IMP, allowing an attacker to hijack a user session by sending a crafted e-ma...
CVE-2025-30349
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...
IMP common-footer.inc Parent Frame Page Title XSS
According to its version, the remote installation of IMP fails to fully sanitize user-supplied input when setting the parent frame's page title by JavaScript in 'templates/common-footer.inc'. By leveraging this flaw, an attacker may be able to inject arbitrary HTML and script code into a user's...
CVE-2004-1443
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP Internet Messaging Program 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message...
GLSA-200408-07 : Horde-IMP: Input validation vulnerability for Internet Explorer users
The remote host is affected by the vulnerability described in GLSA-200408-07 Horde-IMP: Input validation vulnerability for Internet Explorer users Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer...
Horde-IMP: Input validation vulnerability for Internet Explorer users
Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...
Horde-IMP: Input validation vulnerability
Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact By enticing a user to read a specially crafted...
IMP Content-Type Header XSS
The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...
DSA-229 imp - SQL injection
Bulletin has no description...
Hole in Horde IMP (code execution)
Uninitialized PHP variables allow execution of a script specified by the attacker. In addition, there are other vulnerabilities...
Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 - File Disclosure
source: https://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI parameters. By specifying a malicious INBOX file in a request,...
Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 - File Disclosure
Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 - File Disclosure source: https://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI...
CVE-2000-0911
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachmentname hidden form variable, which causes IMP to send the file to the attacker as an attachment...
(SRADV00003) Arbitrary file disclosure through IMP
================================================= Secure Reality Pty Ltd. Security Advisory 3 SRADV00003 http://www.securereality.com.au ================================================= Title Arbitrary file disclosure through IMP Released 12/09/2000 Vulnerable Most all? versions of IMP 2.2.1...