MEDIUM✓ PATCH🇬🇧 English

CVE-2012-5565

CVSS 4.3v2.0pub. 2014-04-05upd. 2026-05-06

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Horde Groupware

    APP
    Horde
    4.04.0.14.0.24.0.34.0.44.0.54.0.64.0.7≤ 4.0.8
  • Horde Imp

    APP
    Horde
    5.0.105.0.115.0.125.0.135.0.145.0.155.0.165.0.175.0.185.0.195.0.205.0.215.0.225.0.45.0.5+ 5 więcej
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2020-8518CRITICAL9.8ten sam produkt

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote ...

CVE-2022-30287HIGH8.0ten sam produkt

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker ...

CVE-2013-6364HIGH8.8ten sam produkt

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

CVE-2019-12095HIGH8.8ten sam produkt

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as dem...

CVE-2019-9858HIGH8.8ten sam produkt

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contain...