Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to horde - dynamic_imp

Vulnerability from fkie_nvd

Published

2012-01-24 18:55

Modified

2025-04-11 00:51

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

References

URL	Tags
secalert@redhat.com	http://secunia.com/advisories/47580	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/47592	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2485
secalert@redhat.com	http://www.horde.org/apps/imp/docs/CHANGES
secalert@redhat.com	http://www.horde.org/apps/imp/docs/RELEASE_NOTES
secalert@redhat.com	http://www.horde.org/apps/webmail/docs/CHANGES
secalert@redhat.com	http://www.horde.org/apps/webmail/docs/RELEASE_NOTES
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/01/22/2
secalert@redhat.com	http://www.securityfocus.com/bid/51586
secalert@redhat.com	http://www.securitytracker.com/id?1026553
secalert@redhat.com	http://www.securitytracker.com/id?1026554
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47580	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47592	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2485
af854a3a-2127-422b-91ae-364da2661108	http://www.horde.org/apps/imp/docs/CHANGES
af854a3a-2127-422b-91ae-364da2661108	http://www.horde.org/apps/imp/docs/RELEASE_NOTES
af854a3a-2127-422b-91ae-364da2661108	http://www.horde.org/apps/webmail/docs/CHANGES
af854a3a-2127-422b-91ae-364da2661108	http://www.horde.org/apps/webmail/docs/RELEASE_NOTES
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/01/22/2
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51586
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026553
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026554

Impacted products

Vendor	Product	Version
horde	dynamic_imp	*
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.1
horde	dynamic_imp	1.1
horde	dynamic_imp	1.1
horde	dynamic_imp	1.1.1
horde	dynamic_imp	1.1.2
horde	dynamic_imp	1.1.3
horde	dynamic_imp	1.1.4
horde	dynamic_imp	1.1.5
horde	dynamic_imp	1.1.6
horde	dynamic_imp	5.0
horde	dynamic_imp	5.0.1
horde	dynamic_imp	5.0.2
horde	dynamic_imp	5.0.3
horde	dynamic_imp	5.0.4
horde	dynamic_imp	5.0.5
horde	dynamic_imp	5.0.6
horde	dynamic_imp	5.0.7
horde	dynamic_imp	5.0.8
horde	dynamic_imp	5.0.9
horde	dynamic_imp	5.0.10
horde	dynamic_imp	5.0.11
horde	dynamic_imp	5.0.12
horde	dynamic_imp	5.0.13
horde	dynamic_imp	5.0.14
horde	dynamic_imp	5.0.15
horde	dynamic_imp	5.0.16
horde	imp	2.0
horde	imp	2.2
horde	imp	2.2.1
horde	imp	2.2.2
horde	imp	2.2.3
horde	imp	2.2.4
horde	imp	2.2.5
horde	imp	2.2.6
horde	imp	2.2.7
horde	imp	2.2.8
horde	imp	2.3
horde	imp	3.0
horde	imp	3.1
horde	imp	3.1.2
horde	imp	3.2
horde	imp	3.2.1
horde	imp	3.2.2
horde	imp	3.2.3
horde	imp	3.2.4
horde	imp	3.2.5
horde	imp	3.2.6
horde	imp	3.2.7
horde	imp	3.2.7
horde	imp	4.0
horde	imp	4.0.1
horde	imp	4.0.2
horde	imp	4.0.3
horde	imp	4.0.4
horde	imp	4.1.3
horde	imp	4.1.5
horde	imp	4.1.6
horde	imp	4.2
horde	imp	4.2.1
horde	imp	4.2.2
horde	imp	4.3
horde	imp	4.3.1
horde	imp	4.3.2
horde	imp	4.3.3
horde	imp	4.3.4
horde	imp	4.3.5
horde	imp	4.3.6
horde	imp	4.3.7
horde	imp	4.3.8
horde	imp	4.3.9
horde	imp	5.0
horde	imp	5.0
horde	imp	5.0
horde	imp	5.0
horde	imp	5.0
horde	imp	5.0.1
horde	imp	5.0.2
horde	imp	5.0.3
horde	imp	5.0.4-git
horde	groupware_webmail_edition	*
horde	groupware_webmail_edition	1.0
horde	groupware_webmail_edition	1.0
horde	groupware_webmail_edition	1.0
horde	groupware_webmail_edition	1.0.1
horde	groupware_webmail_edition	1.0.2
horde	groupware_webmail_edition	1.0.3
horde	groupware_webmail_edition	1.0.4
horde	groupware_webmail_edition	1.0.5
horde	groupware_webmail_edition	1.0.6
horde	groupware_webmail_edition	1.0.7
horde	groupware_webmail_edition	1.0.8
horde	groupware_webmail_edition	1.1
horde	groupware_webmail_edition	1.1
horde	groupware_webmail_edition	1.1
horde	groupware_webmail_edition	1.1
horde	groupware_webmail_edition	1.1
horde	groupware_webmail_edition	1.1.1
horde	groupware_webmail_edition	1.1.2
horde	groupware_webmail_edition	1.1.3
horde	groupware_webmail_edition	1.1.4
horde	groupware_webmail_edition	1.1.5
horde	groupware_webmail_edition	1.1.6
horde	groupware_webmail_edition	1.2
horde	groupware_webmail_edition	1.2
horde	groupware_webmail_edition	1.2.1
horde	groupware_webmail_edition	1.2.2
horde	groupware_webmail_edition	1.2.3
horde	groupware_webmail_edition	1.2.3
horde	groupware_webmail_edition	1.2.4
horde	groupware_webmail_edition	1.2.5
horde	groupware_webmail_edition	1.2.6
horde	groupware_webmail_edition	1.2.7
horde	groupware_webmail_edition	1.2.8
horde	groupware_webmail_edition	1.2.9
horde	groupware_webmail_edition	1.2.10
horde	groupware_webmail_edition	4.0
horde	groupware_webmail_edition	4.0
horde	groupware_webmail_edition	4.0
horde	groupware_webmail_edition	4.0.1
horde	groupware_webmail_edition	4.0.2
horde	groupware_webmail_edition	4.0.3
horde	groupware_webmail_edition	4.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7395F88E-27B2-4C93-8360-3A925DBC7ED4",
              "versionEndIncluding": "5.0.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC88E67E-01FD-4B3A-A186-C0D5A8F3111D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "CBC6D9CA-DDD0-4D79-845B-95AEF907BC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72796BEA-2929-4730-BD97-52686ACA0A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D01633AC-7627-4DDA-A2FA-942D2F962567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6B517AA9-55B2-48E5-A1C0-83AAA1A38435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "349FE027-660E-42A8-9382-1049F827AE3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "718B8347-55A5-4909-87DD-071F9D4606A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "741ECFFC-A7A5-4BF2-B9E4-C5E06F3AF0DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "155EE1D9-0EA9-4EFC-953D-5BD24FA596CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CA83502-F507-4914-96A2-CFB7FDF29568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "939C5E5C-BA4D-4F65-BA9C-EEE70D18016C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0738E854-CAB5-4480-AD07-20EC35466640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA96BD59-233E-43C3-BE19-673CD6622EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A91FBA6A-AC38-4879-9084-88753B4D911B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4AFEE15-D89D-4C0F-BFD6-9ECF3163B7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C53AD47-FE94-403B-BCCC-1357FD2C6622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1DB223-163D-46B9-B8EF-33CF8A49EA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BC3866-0E7F-46E8-9347-C7B4BD1C0B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8031AE6-A3F9-4BBD-BAC9-1C224D6AB567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DB366EE-49A1-4395-BAA0-69BEA76CEACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4181ACC9-B59D-4ADF-B433-F0DC9227B33A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F372DA3C-39AC-4589-A23C-FFB62F919531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C10EED-D008-4695-84D5-6D0DFA4147B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C924A1E2-5EC7-4F6A-94A3-F8C17FF3A4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "494DFA09-3750-4A40-960D-7973761BCB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "567AC297-F328-43AA-BB3A-776BE6BE0337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "193EED6E-67FE-44CB-9A77-C28D1C376357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D312F2C-8F5D-47F8-94BE-7E1992C41DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "54E7B338-3153-4B34-B880-3E3B80B4B185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "991CAA1F-E3BA-48AC-A1FD-DACC2D204D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E2E0B7B-64DA-47CE-90B4-F468F2C67E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2A8C5B-6155-4B40-B8C8-B4944064E3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11E08A4-79D6-46FE-880F-66E9778C298E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A3894F-2E3F-49CA-BEE5-759D603F6EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDBDC41-7E6F-4C97-95BD-7DEB2D9FE837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B52D447-8E56-4E04-9650-38D222DA8D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C455353-0401-4975-89BC-C23D32A684F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D9D9E1-D8B7-4A56-BC2F-90BDC97322B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "59DE856E-98FF-4B49-BD7F-3E326FEB89EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED34889-9F98-46BC-9176-557484272C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FBC61D-6A08-4DE8-A5E5-A3FC57E7759D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52AEEE6-2364-4CFB-9337-C5CCA54362E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD137160-B80D-4C65-A9A9-CEE12107E3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6C2AC8-C21A-4152-AAE6-915ACE65CB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1956C8F0-EB91-4322-85C1-6BE15AA13703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48DEBEB-0C2D-4F6A-AF63-04990D2FD5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E004FA4-0180-458A-8E8C-8167EF684ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0A1617-17D1-4C9F-A818-27321FD2FEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86CDC19-43C3-4ACC-94B4-388BCC8A2203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9931A5B-CD0C-43A3-B32D-915FF4AF57D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC69F98-A3B4-4573-AFE4-2069218B3454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4D0137-3515-4857-8E70-4600CD2D4278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A59756D1-3401-4B15-8B68-AA68B5BC3223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "73FD31BC-651B-461F-B9F4-6CA8D5CCE583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "184592A5-4108-40DB-8882-9D2468490DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28470602-E3F1-4F04-B012-F91AB95E7A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B584932-BFB2-4462-BC69-B9FCC059F59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F7A33-CF9E-4966-B622-E4BD27B120AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1BB456-5462-4ACE-AECF-730B1C7BE2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D23A341-217D-4AF2-AC61-DFC9761AFE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C129AAEE-5388-4D81-AC1F-570EFF27EF89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "01CBF0CE-7133-4281-842C-3584AE13F36D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "373263B9-D967-4A9B-A062-FC841061E143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05FAFC4C-8E72-4EA5-930F-6F76CCD0138A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F91A26C3-D538-4935-90FF-DDD5E8733968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F9064E7-6081-4B23-BC03-21E6F483FA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E60BFE2-B3E4-416F-9697-58D912907E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4C5D659-E2C1-444D-8B5C-28970D830F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D702C7-2789-4837-BC74-59570B13B4C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A363643-3EF2-4F05-A934-0187AF846D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4611791C-DA55-4F37-9030-1BEA17D0D817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5EC486-EF14-43DF-9152-69456E0FE271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EC0D61-EC7E-4BF3-9217-C1387ADB5794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB4B2C3E-9BB5-4403-9A7C-5AD0B92F02E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "31213DF1-47CC-4DCD-B8A5-5F0D30956859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD07BF20-09CE-4D32-A935-8EAA8363356F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "1B91647A-F174-4F2E-992E-BDA23B2E3545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "126DFFE7-AD9F-41E8-8AA0-C0F9CE80271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B02F8BA6-4A13-48CA-BAC9-F8C932453EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "20AA91CC-4B6C-4BC9-9730-C613300702AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8E0715-9A6B-4A7C-9A6F-4B7A344B0968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "382D599B-09EC-4C2A-8F23-EB5D03C4AA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "15348E42-1A70-4787-95B0-9EDB100BB36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.4-git:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE40F36-6872-4C47-9A1E-F4EEEA115696",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0BA941-3235-46CB-A368-7E17482B0A15",
              "versionEndIncluding": "4.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A30F59C-D09A-495D-B5E5-E908D913164E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "48205A35-1F67-4E90-A891-29AA4D2CC138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "276A0BB9-6808-4901-8EEB-766AF6EE4E3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E367E84-DD66-4512-BCDE-7D7E62B72A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B013D26B-BE67-4131-B320-EF87D19E9C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "664B0D12-607C-4B5F-AC8E-FB1BBD1332E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "989D5040-13B3-4D76-A516-81CAB112FE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0765C9-BBFB-4676-9D79-0CFD86BCF9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "842159D1-E30C-4077-8E92-07979E52C10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "81D9B15F-C3CA-44DF-BF5E-51741793348B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "359D7ED8-E171-4822-B2F3-80E07287A787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46ADF628-449A-463E-A459-69FD9DB2ADAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5E8F448D-DFB5-4BA3-BD28-13E39FF82A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5C783DC9-4379-49A8-A026-D1F933DB36AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "2AD6F3C8-50F8-4E9B-98EA-8962B2310780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "36CFEF77-BE64-4547-9A5F-DABD589C5ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7522F6-DF2C-4225-932F-2D27C1EFD792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BE7A07-3455-4A18-BDBC-DC261B35D427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "503BB3EF-2BDC-4019-8EE2-B121A2600DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DA4725-AAA4-4A4B-B6A4-9A139A6176AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA22094F-3A01-4B66-99E1-0ED9D5574F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D105C44-38EE-4D86-9334-DA0E8A08B725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C145E10-4AC0-4F25-9D98-64447BB7C103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "461A597A-93DD-4A12-BB04-C02277317C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B256AACA-93C8-447A-AB08-ABF0A9E4E63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D634210-6D2D-4181-8310-73FB5B9872D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C10C8DB-FB73-4982-8B92-D3E1FB1C59A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "319BC54E-2A0B-4033-AD73-3E8825E8D9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A86680C-839E-4EED-9B32-CE101DC7B6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0F1DCA-7D9F-42E3-9FB9-D3C100F09A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BFADDD4-8B5E-4EE7-A390-CDFD48CE3ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F5FB253-C2E5-48F3-B13F-79C45024D89D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D0D17F-B2E4-496D-9ACD-170C33B453F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6314FAC0-544A-492F-81BA-9169EB69E74D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CC6175-10F8-4DD9-A1E7-202F5F4A221C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED61953-A384-498C-AFFD-F83ADF51CFD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EC13F5CD-2BB9-4FA7-BE4C-D2175E18E063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FFF8191E-F2EA-4071-B26D-8E45103D4A0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "040AC7A5-689B-4F12-A199-FB395E4CB84B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFD1571-C070-4B5F-9BA3-5B1789068396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0909400D-75C6-4DED-8C77-333D8F092AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08050D4C-6620-4177-9967-044AD2B9368B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerbilidades de ejecuci\u00f3n de secuencias de comandos web en sitios cruzados (XSS) en Horde IMP anterior a v5.0.18 y Horde Groupware Webmail Edition anterior a v4.0.6 permite a atacantes remotos inyectar c\u00f3digo HTML o script web a trav\u00e9s de los par\u00e1metros que componen la p\u00e1gina (1) composeCache, (2) rtemode, o (3) filename_*;(4) par\u00e1metro formname para ventanas popup; o (5) nombres de buz\u00f3n IMAP. NOTA: Algunos de estos detalles han sido obtenidos de terceras partes de informaci\u00f3n."
    }
  ],
  "id": "CVE-2012-0791",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-24T18:55:01.440",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47580"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47592"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2485"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.horde.org/apps/imp/docs/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/51586"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026553"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.horde.org/apps/imp/docs/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026554"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-04-04 12:27

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

References

URL	Tags
secalert@redhat.com	http://bugs.horde.org/ticket/9240	Patch
secalert@redhat.com	http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h
secalert@redhat.com	http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h	Patch
secalert@redhat.com	http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d	Patch
secalert@redhat.com	http://lists.horde.org/archives/announce/2010/000561.html	Patch
secalert@redhat.com	http://lists.horde.org/archives/announce/2010/000568.html	Patch
secalert@redhat.com	http://openwall.com/lists/oss-security/2010/09/30/7	Exploit, Patch
secalert@redhat.com	http://openwall.com/lists/oss-security/2010/09/30/8	Patch
secalert@redhat.com	http://openwall.com/lists/oss-security/2010/10/01/6	Patch
secalert@redhat.com	http://secunia.com/advisories/41639	Vendor Advisory
secalert@redhat.com	http://www.osvdb.org/68267
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2522	Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/62080
af854a3a-2127-422b-91ae-364da2661108	http://bugs.horde.org/ticket/9240	Patch
af854a3a-2127-422b-91ae-364da2661108	http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h
af854a3a-2127-422b-91ae-364da2661108	http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.horde.org/archives/announce/2010/000561.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.horde.org/archives/announce/2010/000568.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2010/09/30/7	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2010/09/30/8	Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2010/10/01/6	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41639	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/68267
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2522	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/62080

Impacted products

Vendor	Product	Version
horde	groupware	*
horde	groupware	1.0
horde	groupware	1.0
horde	groupware	1.0
horde	groupware	1.0.1
horde	groupware	1.0.2
horde	groupware	1.0.3
horde	groupware	1.0.4
horde	groupware	1.0.5
horde	groupware	1.0.6
horde	groupware	1.0.7
horde	groupware	1.0.8
horde	groupware	1.1
horde	groupware	1.1
horde	groupware	1.1
horde	groupware	1.1
horde	groupware	1.1
horde	groupware	1.1.1
horde	groupware	1.1.2
horde	groupware	1.1.3
horde	groupware	1.1.4
horde	groupware	1.1.5
horde	groupware	1.1.6
horde	groupware	1.2
horde	groupware	1.2
horde	groupware	1.2.1
horde	groupware	1.2.2
horde	groupware	1.2.3
horde	groupware	1.2.3
horde	groupware	1.2.4
horde	groupware	1.2.5
horde	dynamic_imp	*
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.0
horde	dynamic_imp	1.1
horde	dynamic_imp	1.1
horde	dynamic_imp	1.1
horde	dynamic_imp	1.1.1
horde	dynamic_imp	1.1.2
horde	dynamic_imp	1.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82E23DB-0652-4BA9-9D9A-0107BEC1EA31",
              "versionEndIncluding": "1.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C2653B-7F0B-4628-9E77-44744BC05463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E55009DF-EDF1-4FAE-88E7-1CF33BFFEBC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "980162BB-48B3-4921-987A-6D18C62965A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC241F01-B9DF-4D0E-BA3C-3523AEEB6BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B574D428-0A3A-47CA-A926-5C936F83919A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59C23FB-E223-4EED-8F69-3CC1EE7DF148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "904EEFF0-CF66-43E6-BAA9-1A6FB4115CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3AB0176-9CB3-4D49-B644-2C413C9B6E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95E9B57-2DB0-4692-A7D1-180EC3687D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E7D8683-8DD4-4EB0-A28F-0C556304BB2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F68E5D5-7812-4FB2-ACF9-76180B038D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37B76B27-ADF0-4E88-B92C-304FB38A356E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "965F245A-879A-4DF0-ABC5-588E78C4CBBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3DCB29F9-3875-4264-8117-5751FEDC3350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "59FC250F-EF0B-4604-99A2-3EEB8B2DEB77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C10E681-5D2B-4EA4-B8E1-C0CA4FC9D3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CC5154-42C5-4877-9147-5DFD61BD5CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AAEBBF-1696-4EAC-8837-68A03C2D2F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F626876D-99FC-4DE0-BEE0-35874C4E25F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A849DD3E-882A-4621-BB6C-315A76677BB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF1A6AE-0748-476B-ACE2-DA43A9443B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB711B5E-9011-4BA2-917A-DB8545705E23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "50DC1068-F426-497F-A5A0-E032BC3816F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5A176-8C72-40EA-85AC-F11B40FD53A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB4C3487-4556-47E5-8BF3-1DEDF0E9AFEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F24E43-491B-4AD1-B905-66F7FC6DA98D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F577A169-8354-4218-B3C6-04DA4BDF1E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAFD66F-81F7-48F9-87F0-E394F55A1288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA91C75-69CF-45AE-AF23-ADE9259B7C9C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAD2A3-6224-4489-AC0F-153EFAF50695",
              "versionEndIncluding": "1.1.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC88E67E-01FD-4B3A-A186-C0D5A8F3111D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "CBC6D9CA-DDD0-4D79-845B-95AEF907BC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72796BEA-2929-4730-BD97-52686ACA0A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D01633AC-7627-4DDA-A2FA-942D2F962567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6B517AA9-55B2-48E5-A1C0-83AAA1A38435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "349FE027-660E-42A8-9382-1049F827AE3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "718B8347-55A5-4909-87DD-071F9D4606A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "741ECFFC-A7A5-4BF2-B9E4-C5E06F3AF0DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "155EE1D9-0EA9-4EFC-953D-5BD24FA596CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CA83502-F507-4914-96A2-CFB7FDF29568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:dynamic_imp:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "939C5E5C-BA4D-4F65-BA9C-EEE70D18016C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Horde Dynamic IMP (DIMP) antes de v1.1.5, y Horde Groupware Webmail Edition antes de v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con nombres de buz\u00f3n mostrar."
    }
  ],
  "id": "CVE-2010-3693",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-04T12:27:36.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.horde.org/ticket/9240"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000561.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000568.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41639"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/68267"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2522"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.horde.org/ticket/9240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000561.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2010/000568.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/68267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-0791 (GCVE-0-2012-0791)

Vulnerability from cvelistv5

Published

2012-01-24 18:00

Modified

2024-08-06 18:38

Severity ?

CWE

Summary

References

▼	URL	Tags
	http://www.horde.org/apps/webmail/docs/CHANGES	x_refsource_CONFIRM
	http://www.debian.org/security/2012/dsa-2485	vendor-advisory, x_refsource_DEBIAN
	http://www.horde.org/apps/webmail/docs/RELEASE_NOTES	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1026553	vdb-entry, x_refsource_SECTRACK
	http://www.horde.org/apps/imp/docs/RELEASE_NOTES	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/51586	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/47580	third-party-advisory, x_refsource_SECUNIA
	http://www.horde.org/apps/imp/docs/CHANGES	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1026554	vdb-entry, x_refsource_SECTRACK
	http://www.openwall.com/lists/oss-security/2012/01/22/2	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/47592	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
          },
          {
            "name": "DSA-2485",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
          },
          {
            "name": "1026553",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
          },
          {
            "name": "51586",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51586"
          },
          {
            "name": "47580",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47580"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.horde.org/apps/imp/docs/CHANGES"
          },
          {
            "name": "1026554",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026554"
          },
          {
            "name": "[oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
          },
          {
            "name": "47592",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47592"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
        },
        {
          "name": "DSA-2485",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
        },
        {
          "name": "1026553",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
        },
        {
          "name": "51586",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51586"
        },
        {
          "name": "47580",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47580"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.horde.org/apps/imp/docs/CHANGES"
        },
        {
          "name": "1026554",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026554"
        },
        {
          "name": "[oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
        },
        {
          "name": "47592",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47592"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0791",
    "datePublished": "2012-01-24T18:00:00",
    "dateReserved": "2012-01-19T00:00:00",
    "dateUpdated": "2024-08-06T18:38:14.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3693 (GCVE-0-2010-3693)

Vulnerability from cvelistv5

Published

2011-04-01 21:00

Modified

2024-08-07 03:18

Severity ?

CWE

Summary

References

▼	URL	Tags
	http://lists.horde.org/archives/announce/2010/000568.html	mailing-list, x_refsource_MLIST
	http://openwall.com/lists/oss-security/2010/10/01/6	mailing-list, x_refsource_MLIST
	http://bugs.horde.org/ticket/9240	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/2522	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/62080	vdb-entry, x_refsource_XF
	http://www.osvdb.org/68267	vdb-entry, x_refsource_OSVDB
	http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d	x_refsource_CONFIRM
	http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h	x_refsource_CONFIRM
	http://lists.horde.org/archives/announce/2010/000561.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/41639	third-party-advisory, x_refsource_SECUNIA
	http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2010/09/30/8	mailing-list, x_refsource_MLIST
	http://openwall.com/lists/oss-security/2010/09/30/7	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:52.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2010/000568.html"
          },
          {
            "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.horde.org/ticket/9240"
          },
          {
            "name": "ADV-2010-2522",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2522"
          },
          {
            "name": "dynamicimp-mailbox-xss(62080)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
          },
          {
            "name": "68267",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/68267"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
          },
          {
            "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2010/000561.html"
          },
          {
            "name": "41639",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41639"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
          },
          {
            "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
          },
          {
            "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2010/000568.html"
        },
        {
          "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.horde.org/ticket/9240"
        },
        {
          "name": "ADV-2010-2522",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2522"
        },
        {
          "name": "dynamicimp-mailbox-xss(62080)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
        },
        {
          "name": "68267",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/68267"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
        },
        {
          "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2010/000561.html"
        },
        {
          "name": "41639",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41639"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
        },
        {
          "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
        },
        {
          "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-3693",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2010/000568.html"
            },
            {
              "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
            },
            {
              "name": "http://bugs.horde.org/ticket/9240",
              "refsource": "CONFIRM",
              "url": "http://bugs.horde.org/ticket/9240"
            },
            {
              "name": "ADV-2010-2522",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2522"
            },
            {
              "name": "dynamicimp-mailbox-xss(62080)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
            },
            {
              "name": "68267",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/68267"
            },
            {
              "name": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d",
              "refsource": "CONFIRM",
              "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
            },
            {
              "name": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h",
              "refsource": "CONFIRM",
              "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
            },
            {
              "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2010/000561.html"
            },
            {
              "name": "41639",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41639"
            },
            {
              "name": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h",
              "refsource": "CONFIRM",
              "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
            },
            {
              "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
            },
            {
              "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3693",
    "datePublished": "2011-04-01T21:00:00",
    "dateReserved": "2010-10-01T00:00:00",
    "dateUpdated": "2024-08-07T03:18:52.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}