Imp Security Vulnerabilities and Issues — Imp CVE List

Lucene search

HordeImp

4 matches found

CVE•added 2005/02/13 5:0 a.m.•71 views

CVE-2004-1443

Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

4.3CVSS5.6AI score0.00427EPSS

CVE•added 2005/07/14 4:0 a.m.•42 views

CVE-2002-2024

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

5.3CVSS6.9AI score0.00385EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-1319

Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3CVSS5.7AI score0.00335EPSS

CVE•added 2005/12/08 1:3 a.m.•36 views

CVE-2005-4080

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

4.3CVSS6.1AI score0.01047EPSS