Imp@3.0 Security Vulnerabilities and Issues — Imp@3.0 CVE List

Lucene search

HordeImp3.0

9 matches found

CVE•added 2005/02/13 5:0 a.m.•71 views

CVE-2004-1443

Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

4.3CVSS5.6AI score0.00427EPSS

CVE•added 2012/01/24 6:55 p.m.•52 views

CVE-2012-0791

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname paramet...

4.3CVSS5.6AI score0.00749EPSS

CVE•added 2011/03/31 10:55 p.m.•51 views

CVE-2010-3695

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration...

4.3CVSS5.5AI score0.01256EPSS

CVE•added 2007/03/16 9:19 p.m.•49 views

CVE-2007-1474

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

6.8CVSS6.7AI score0.01648EPSS

CVE•added 2004/08/06 4:0 a.m.•42 views

CVE-2004-0584

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.

6.8CVSS5.9AI score0.01052EPSS

CVE•added 2010/01/29 6:30 p.m.•41 views

CVE-2010-0463

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

5CVSS6.3AI score0.0026EPSS

CVE•added 2006/08/21 8:4 p.m.•40 views

CVE-2006-4255

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.

4.3CVSS5.6AI score0.00791EPSS

CVE•added 2005/12/08 1:3 a.m.•36 views

CVE-2005-4080

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

4.3CVSS6.1AI score0.01047EPSS

CVE•added 2011/04/04 12:27 p.m.•32 views

CVE-2010-4778

Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (a...

4.3CVSS5.8AI score0.01256EPSS