MEDIUMβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2012-5565

CVSS 4.3v2.0pub. 2014-04-05upd. 2026-05-06

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Horde Groupware

    APP
    Horde
    4.04.0.14.0.24.0.34.0.44.0.54.0.64.0.7≀ 4.0.8
  • Horde Imp

    APP
    Horde
    5.0.105.0.115.0.125.0.135.0.145.0.155.0.165.0.175.0.185.0.195.0.205.0.215.0.225.0.45.0.5+ 5 wiΔ™cej
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2020-8518CRITICAL9.8ten sam produkt

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote ...

CVE-2022-30287HIGH8.0ten sam produkt

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker ...

CVE-2013-6364HIGH8.8ten sam produkt

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

CVE-2019-12095HIGH8.8ten sam produkt

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as dem...

CVE-2019-9858HIGH8.8ten sam produkt

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contain...

CVE-2012-5565 β€” Horde β€” Groupware β€” MEDIUM β€” CVSS 4.3 | CVEbaza.pl