25 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Horde Internet Mail Program IMP before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565...
CVE-2012-6640
Cross-site scripting (XSS) in Horde Internet Mail Program (IMP) before 5.0.22, used with Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment. No remediation details are provided in the supplied documents.
CVE-2012-5565
Cross-site scripting XSS vulnerability in js/compose-dimp.js in Horde Internet Mail Program IMP before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic vi...
CVE-2012-6640
Cross-site scripting XSS vulnerability in Horde Internet Mail Program IMP before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565...
CVE-2012-5565
CVE-2012-5565 is an XSS vulnerability in Horde IMP (js/compose-dimp.js) used with Horde Groupware Webmail Edition prior to 4.0.9. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted name for an attached file in the dynamic view, affecting Horde IMP befo...