4.3

CVE-2006-4255

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.

Data is provided by the National Vulnerability Database (NVD)
HordeHorde Version3.0
HordeHorde Version3.0.1
HordeHorde Version3.0.2
HordeHorde Version3.0.3
HordeHorde Version3.0.4
HordeHorde Version3.0.4_rc1
HordeHorde Version3.0.4_rc2
HordeHorde Version3.0.6
HordeHorde Version3.0.7
HordeHorde Version3.0.8
HordeHorde Version3.0.9
HordeHorde Version3.1
HordeHorde Version3.1.1
HordeImp Version2.0
HordeImp Version2.2
HordeImp Version2.2.1
HordeImp Version2.2.2
HordeImp Version2.2.3
HordeImp Version2.2.4
HordeImp Version2.2.5
HordeImp Version2.2.6
HordeImp Version2.2.7
HordeImp Version2.2.8
HordeImp Version2.3
HordeImp Version3.0
HordeImp Version3.1
HordeImp Version3.1.2
HordeImp Version3.2
HordeImp Version3.2.1
HordeImp Version3.2.2
HordeImp Version3.2.3
HordeImp Version3.2.4
HordeImp Version3.2.5
HordeImp Version4.0
HordeImp Version4.0.1
HordeImp Version4.0.2
HordeImp Version4.0.3
HordeImp Version4.0.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.8% 0.733
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N