fkie_nvd - fkie_cve-2012-5565

fkie_cve-2012-5565

Vulnerability from fkie_nvd

Published

2014-04-05 21:55

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.

References

URL	Tags
secalert@redhat.com	http://lists.horde.org/archives/announce/2012/000833.html
secalert@redhat.com	http://lists.horde.org/archives/announce/2012/000840.html	Vendor Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/11/23/6
secalert@redhat.com	https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2
af854a3a-2127-422b-91ae-364da2661108	http://lists.horde.org/archives/announce/2012/000833.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.horde.org/archives/announce/2012/000840.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/11/23/6
af854a3a-2127-422b-91ae-364da2661108	https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2

Impacted products

Vendor	Product	Version
horde	imp	*
horde	imp	5.0.4
horde	imp	5.0.5
horde	imp	5.0.6
horde	imp	5.0.7
horde	imp	5.0.8
horde	imp	5.0.9
horde	imp	5.0.10
horde	imp	5.0.11
horde	imp	5.0.12
horde	imp	5.0.13
horde	imp	5.0.14
horde	imp	5.0.15
horde	imp	5.0.16
horde	imp	5.0.17
horde	imp	5.0.18
horde	imp	5.0.19
horde	imp	5.0.20
horde	imp	5.0.21
horde	imp	5.0.22
horde	groupware	*
horde	groupware	4.0
horde	groupware	4.0
horde	groupware	4.0
horde	groupware	4.0.1
horde	groupware	4.0.2
horde	groupware	4.0.3
horde	groupware	4.0.4
horde	groupware	4.0.5
horde	groupware	4.0.6
horde	groupware	4.0.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:imp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28CB330-C845-4E68-989E-807B16726CC7",
              "versionEndIncluding": "5.0.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "353AD017-60F5-4168-B672-17EF90CDCB64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBB960F-026D-4C40-BC61-0D963C9E25E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D3990B-339B-498A-A5B5-780DA8A0ABD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAF27F1F-F405-47F8-9486-E86555D61B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B2E22CB-E82E-4203-B9E9-4BDA58C9A5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE4D6BE-11F3-468E-8CB2-44AA1B3BA7FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "74EE40AB-753A-4109-AE27-7BDD78B047A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A03CD8B-C101-4737-B435-B43D543E6335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D3C95A9-E61E-45BF-9FBD-EBE16F4B3189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B7724A-D3D2-4511-9E44-E0C71E049854",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F93E89-8B6D-4A1F-BBD9-B154B5489236",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF189F04-60A6-4D80-BCCD-B405F35AAE1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA984AF6-BE4F-4F23-9D42-3B05B05F6FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B27528A-1090-4834-808C-39202BFB2A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A43FBB-5345-4D86-B5A2-885DEDDEF70A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "981F83E1-6D69-401D-9F11-9A8A2036BF6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "823C5DDE-2853-472C-9367-2E7E1E97D61C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E513887-24D1-4F94-9948-F355F9778CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:5.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D4656C-5230-4155-9435-FFFB6E9F515F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:groupware:*:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "E888C8C2-27C5-4BD0-9EEE-750DF5DE6488",
              "versionEndIncluding": "4.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "F505E80A-B91C-401C-9B77-F34B00ECA434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0:rc1:webamail:*:*:*:*:*",
              "matchCriteriaId": "A9129D4A-F365-4630-976A-DBFBBEA531FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0:rc2:webamail:*:*:*:*:*",
              "matchCriteriaId": "C910D464-66B3-4593-A7D8-3FD3EADB9AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0.1:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "A6A67FDD-C9CE-43E4-ADD9-DB5699BEF61C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0.2:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "A1158FCA-2AAB-4EC4-9B34-F1B44DDA4FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0.3:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "2A0A5DB9-3731-466D-8D0F-7BE71A34184B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0.4:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "5D07339E-54B9-4513-82EB-0FB53AD5B82B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0.5:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "717CB664-818F-4583-83FF-47B167993569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0.6:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "185839EF-1F07-4C2C-B710-FD607EAD0A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware:4.0.7:*:webamail:*:*:*:*:*",
              "matchCriteriaId": "29D96163-C022-4DBD-8B94-746665B99A73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en js/compose-dimp.js en Horde Internet Mail Program (IMP) anterior a 5.0.24, utilizado en Horde Groupware Webmail Edition anterior a 4.0.9, permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un nombre manipulado para un archivo adjunto, relacionado con la visualizaci\u00f3n din\u00e1mica."
    }
  ],
  "id": "CVE-2012-5565",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-04-05T21:55:06.190",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.horde.org/archives/announce/2012/000833.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2012/000840.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/23/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.horde.org/archives/announce/2012/000833.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.horde.org/archives/announce/2012/000840.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/23/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-5565 (GCVE-0-2012-5565)

Vulnerability from cvelistv5

Published

2014-04-05 21:00

Modified

2024-08-06 21:14