Lucene search
K

21 matches found

CVE
CVE
added 2005/02/13 5:0 a.m.84 views

CVE-2004-1443

CVE-2004-1443 is a documented XSS vulnerability in the Horde-IMP inline MIME viewer affecting Horde-IMP versions 3.2.4 and earlier when accessed with Internet Explorer. The vulnerability allows an attacker to inject arbitrary script/HTML via a crafted e‑mail message. Public assessment sources con...

4.3CVSS5.6AI score0.01208EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.73 views

CVE-2001-1257

The CVE-2001-1257 entry affects the Horde IMP web-based IMAP client, with vulnerable versions before 2.2.6 and 1.2.6. The underlying issue is a cross-site scripting (XSS) flaw that allows an attacker to embed JavaScript in an email, which could execute in a user’s browser when viewing the message...

7.5CVSS7AI score0.01971EPSS
CVE
CVE
added 2008/01/11 2:0 a.m.70 views

CVE-2007-6018

CVE-2007-6018 affects IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3, where insufficient validation of HTTP requests allows a remote attacker to (1) delete arbitrary emails via a modified numeric ID and (2) purge deleted emails via a crafted...

5.8CVSS7.5AI score0.01774EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.66 views

CVE-2002-0181

CVE-2002-0181 — Horde IMP status.php3 XSS is confirmed in connected OpenVAS/NVD entries. The vulnerability arises in the status.php3 parameter handling of IMP 2.2.8 and HORDE 1.2.7, where user-supplied data is not properly sanitized, enabling cross-site scripting and potential cookie theft when a...

7.5CVSS6.8AI score0.01847EPSS
CVE
CVE
added 2011/03/31 10:0 p.m.65 views

CVE-2010-3695

CVE-2010-3695 is a cross-site scripting (XSS) vulnerability in Horde IMP (before 4.3.8) and Horde Groupware Webmail Edition (before 1.2.7). The flaw allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in the fetchmail_prefs_save action (Fetchmail configuration)....

4.3CVSS5.5AI score0.04979EPSS
CVE
CVE
added 2012/01/24 6:0 p.m.63 views

CVE-2012-0791

CVE-2012-0791 is a set of cross-site scripting (XSS) vulnerabilities in Horde IMP and Horde Groupware Webmail Edition. The NVD description specifies XSS vectors via composeCache, rtemode, filename_* on the compose page; the contacts popup formname; and IMAP mailbox names. Affected products/versio...

4.3CVSS5.6AI score0.02437EPSS
CVE
CVE
added 2007/03/16 9:0 p.m.61 views

CVE-2007-1474

CVE-2007-1474 affects Horde Project Horde and IMP prior to Horde Application Framework 3.1.4. The vulnerability is an argument injection flaw in the cleanup cron script that can let local users delete arbitrary files and potentially gain privileges by supplying multiple space-delimited pathnames....

6.8CVSS6.7AI score0.04946EPSS
CVE
CVE
added 2007/03/20 10:0 a.m.60 views

CVE-2007-1515

CVE-2007-1515 relates to multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3 (and possibly earlier). The NVD description indicates that remote attackers could inject arbitrary scripts via (1) the email Subject header in thread.php and (2) the edit_query parameter in search.p...

4.3CVSS6AI score0.02368EPSS
CVE
CVE
added 2004/06/23 4:0 a.m.57 views

CVE-2004-0584

CVE-2004-0584 refers to an input validation vulnerability in Horde IMP up to version 3.2.3 (and earlier) that can allow remote attackers to inject script via HTML or script in email messages, potentially triggering a cross-site scripting (XSS) condition. Affected software: Horde IMP 3.2.3 and ear...

6.8CVSS5.9AI score0.0134EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.56 views

CVE-2002-2024

Horde IMP 2.2.7 is affected. The issue allows remote attackers to obtain the full web root pathname by requesting specific files (poppassd.php3, login.php3?reason=chpass2, spelling.php3, ldap.search.php3?ldap_serv=nonsense), with error messages leaking the information. Impact is information discl...

5.3CVSS6.9AI score0.01924EPSS
CVE
CVE
added 2003/01/15 5:0 a.m.56 views

CVE-2003-0025

IMP is a web-based IMAP mail client, affected in versions up to 2.2.8 and earlier. The CVE describes multiple SQL injection vulnerabilities that allow a remote attacker to perform unauthorized database activities and potentially gain privileges, via functions such as check_prefs() in db.pgsql and...

7.5CVSS7.7AI score0.24055EPSS
CVE
CVE
added 2006/08/21 8:0 p.m.55 views

CVE-2006-4255

CVE-2006-4255 affects Horde IMP H3 before 4.1.3. The vulnerability is a Cross-Site Scripting (XSS) flaw in horde/imp/search.php, reported as injectible via multiple unspecified vectors related to folder names and the vfolder_label field in the IMP search screen. Affected component is the IMP webm...

4.3CVSS5.6AI score0.01624EPSS
Web
CVE
CVE
added 2014/04/05 9:0 p.m.55 views

CVE-2012-6640

Cross-site scripting (XSS) in Horde Internet Mail Program (IMP) before 5.0.22, used with Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment. No remediation details are provided in the supplied documents.

4.3CVSS5.6AI score0.01848EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.53 views

CVE-2005-1319

CVE-2005-1319 describes a cross-site scripting (XSS) vulnerability in the Horde IMP Webmail client, affecting versions prior to 3.2.8. The root cause is unsanitized input used to set the parent frame page title, allowing remote attackers to inject arbitrary script/HTML. Public references (NVD, SU...

4.3CVSS5.7AI score0.01228EPSS
CVE
CVE
added 2014/04/05 9:0 p.m.53 views

CVE-2012-5565

CVE-2012-5565 is an XSS vulnerability in Horde IMP (js/compose-dimp.js) used with Horde Groupware Webmail Edition prior to 4.0.9. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted name for an attached file in the dynamic view, affecting Horde IMP befo...

4.3CVSS5.6AI score0.0181EPSS
CVE
CVE
added 2010/01/29 6:0 p.m.52 views

CVE-2010-0463

CVE-2010-0463 affects Horde IMP 4.3.6 and earlier. The vulnerability arises because Horde IMP does not prevent DNS prefetching of domain names contained in e‑mail messages, enabling remote attackers to infer the webmail user’s network location by logging DNS requests. The NVD entry lists a CVSS v...

5CVSS6.3AI score0.01945EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.49 views

CVE-2001-1258

CVE-2001-1258 affects the Horde IMP before 2.2.6. According to the Debian DSA-073-1 advisory and related sources, a hostile user who can place a publicly readable prefs.lang file on the Apache/PHP server can have that file executed as PHP code, enabling access to config data and potentially the H...

3.6CVSS6.6AI score0.00464EPSS
CVE
CVE
added 2005/12/08 1:0 a.m.47 views

CVE-2005-4080

Horde IMP 4.0.4 and earlier are vulnerable to cross-site scripting (XSS) due to failure to sanitize strings containing UTF-16 null characters. The issue allows remote attackers to craft UTF-16 encoded attachments/strings that execute when viewed in Internet Explorer (which ignores the null chars)...

4.3CVSS6.1AI score0.02401EPSS
CVE
CVE
added 2001/10/12 4:0 a.m.46 views

CVE-2001-0744

Summary: CVE-2001-0744 affects Horde IMP 2.2.4 and earlier. The vulnerability arises from a symlink attack on a temporary file that allows local users to overwrite files. The impact is limited to local integrity (partial) with no confidentiality or availability impact stated, according to the pro...

2.1CVSS6.6AI score0.00356EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.44 views

CVE-2000-0911

CVE-2000-0911 affects IMP 2.2 and earlier. The vulnerability arises from modifying the hidden attachment_name form variable, enabling an attacker to read and delete arbitrary files by causing IMP to send the targeted file to the attacker as an attachment. The available sources confirm the affecte...

5CVSS7AI score0.01855EPSS
CVE
CVE
added 2011/04/01 9:0 p.m.42 views

CVE-2010-4778

Horde IMP prior to 4.3.8 and Horde Groupware Webmail Edition prior to 1.2.7 contain multiple XSS vulnerabilities in fetchmailprefs.php (fetchmail_prefs_save action). The issues allow remote attackers to inject arbitrary web script or HTML via vulnerable fields, specifically (for CVE-2010-4778) th...

4.3CVSS5.8AI score0.00902EPSS