MEDIUM🇵🇱 Wersja polska

CVE-2012-0791

CVSS 4.3v2.0pub. 2012-01-24upd. 2026-04-29

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Horde Dynamic Imp

    APP
    Horde
    1.01.11.1.11.1.21.1.31.1.41.1.51.1.65.05.0.15.0.105.0.115.0.125.0.135.0.14+ 11 więcej
  • Horde Groupware Webmail Edition

    APP
    Horde
    1.01.0.11.0.21.0.31.0.41.0.51.0.61.0.71.0.81.11.1.11.1.21.1.31.1.41.1.5+ 11 więcej
  • Horde Imp

    APP
    Horde
    2.02.22.2.12.2.22.2.32.2.42.2.52.2.62.2.72.2.82.33.03.13.1.23.2+ 33 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2008-7219HIGH10.0ten sam produkt

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mn...

CVE-2008-7218HIGH10.0ten sam produkt

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba ...

CVE-2008-3650HIGH9.0ten sam produkt

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impa...

CVE-2003-0025HIGH7.5ten sam produkt

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized...

CVE-2002-0181HIGH7.5ten sam produkt

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to exe...