9 matches found

CVE
added 2025/03/21 5:15 p.m., 55 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.

CVSS 7.2, AI score 6.6, EPSS 0.08686
CVE
added 2011/03/31 10:55 p.m., 51 views

CVE-2010-3695

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration...

CVSS 4.3, AI score 5.5, EPSS 0.01256
CVE
added 2007/03/20 10:19 a.m., 47 views

CVE-2007-1515

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. N...

CVSS 4.3, AI score 6, EPSS 0.0114
CVE
added 2010/01/29 6:30 p.m., 41 views

CVE-2010-0463

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

CVSS 5, AI score 6.3, EPSS 0.0026
CVE
added 2014/04/05 9:55 p.m., 41 views

CVE-2012-5565

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic ...

CVSS 4.3, AI score 5.6, EPSS 0.00295
CVE
added 2014/04/05 9:55 p.m., 41 views

CVE-2012-6640

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

CVSS 4.3, AI score 5.6, EPSS 0.00296
CVE
added 2005/05/02 4:0 a.m., 37 views

CVE-2005-1319

Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

CVSS 4.3, AI score 5.7, EPSS 0.00335
CVE
added 2001/10/18 4:0 a.m., 34 views

CVE-2001-0744

Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.

CVSS 2.1, AI score 6.6, EPSS 0.00089
CVE
added 2011/04/04 12:27 p.m., 32 views

CVE-2010-4778

Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (a...

CVSS 4.3, AI score 5.8, EPSS 0.01256