Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.
oryginał ENAV:N/AC:M/Au:N/C:N/I:P/A:NHorde Groupware
APPHorde4.04.0.14.0.24.0.34.0.44.0.54.0.64.0.7≤ 4.0.8Horde Imp
APPHorde5.0.105.0.115.0.125.0.135.0.145.0.155.0.165.0.175.0.185.0.195.0.205.0.215.0.225.0.45.0.5+ 5 więcej
Powiązane podatności
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote ...
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker ...
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as dem...
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contain...