Lucene search
RootSSV:4929HistoryMar 19, 2009 - 12:00 a.m.
Horde IMP Webmail客户端跨站脚本和HTML注入漏洞
2009-03-1900:00:00
Root
www.seebug.org
11
0.003 Low
EPSS
Percentile
68.5%
BUGTRAQ ID: 33492
CVE(CAN) ID: CVE-2009-0930
IMP是一款基于Web的强大的邮件程序,由Horde项目组开发,可使用在Linux/Unix或者Windows操作系统下。
IMP没有正确地过滤对smime.php、pgp.php和message.php模块的输入参数便返回给了用户,远程攻击者可以通过向这些模块提交恶意请求执行跨站脚本和HTML注入攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。
Horde IMP 4.3.x
Horde IMP 4.2.x
厂商补丁:
Horde
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://lists.horde.org/archives/announce/2009/000484.html” target=“_blank”>http://lists.horde.org/archives/announce/2009/000484.html</a>
<a href=“http://lists.horde.org/archives/announce/2009/000485.html” target=“_blank”>http://lists.horde.org/archives/announce/2009/000485.html</a>
Related
prion
prion
Cross site scripting
2009-03-17 21:30:00
cve
cve
CVE-2009-0930
2009-03-17 21:30:00
ubuntucve
ubuntucve
CVE-2009-0930
2009-03-17 00:00:00
securityvulns
securityvulns
openvas
openvas
Debian Security Advisory DSA 1770-1 (imp4)
2009-04-15 00:00:00
Fedora Update for imp FEDORA-2010-5508
2010-04-06 00:00:00
Fedora Update for imp FEDORA-2010-5508
2010-04-06 00:00:00
osv
osv
imp4 - cross-site scripting
2009-04-13 00:00:00
nessus
nessus
Debian DSA-1770-1 : imp4 - Insufficient input sanitising
2009-04-14 00:00:00
Fedora 11 : imp-4.3.6-1.fc11 (2010-5508)
2010-07-01 00:00:00
openSUSE Security Update : imp (imp-659)
2009-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: imp-4.3.6-1.fc11
2010-04-01 01:46:33
debian
debian
[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting
2009-04-13 15:11:15
gentoo
gentoo
Horde: Multiple vulnerabilities
2009-09-12 00:00:00