MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2008-3823

CVSS 4.3v2.0pub. 2008-09-12upd. 2026-04-23

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Horde

    APP
    Horde
    3.23.2.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2012-0209HIGH7.5ten sam produkt

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP betwee...

CVE-2008-7218HIGH10.0ten sam produkt

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba ...

CVE-2005-3344HIGH10.0ten sam produkt

The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows...

CVE-2002-0181HIGH7.5ten sam produkt

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to exe...

CVE-2010-1638MEDIUM5.0ten sam produkt

The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to sc...