4.3

CVE-2010-3695

Exploit
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HordeImp Version <= 4.3.7
HordeImp Version2.0
HordeImp Version2.2
HordeImp Version2.2.1
HordeImp Version2.2.2
HordeImp Version2.2.3
HordeImp Version2.2.4
HordeImp Version2.2.5
HordeImp Version2.2.6
HordeImp Version2.2.7
HordeImp Version2.2.8
HordeImp Version2.3
HordeImp Version3.0
HordeImp Version3.1
HordeImp Version3.1.2
HordeImp Version3.2
HordeImp Version3.2.1
HordeImp Version3.2.2
HordeImp Version3.2.3
HordeImp Version3.2.4
HordeImp Version3.2.5
HordeImp Version3.2.6
HordeImp Version3.2.7
HordeImp Version3.2.7 Updaterc1
HordeImp Version4.0
HordeImp Version4.0.1
HordeImp Version4.0.2
HordeImp Version4.0.3
HordeImp Version4.0.4
HordeImp Version4.1.3
HordeImp Version4.1.5
HordeImp Version4.1.6
HordeImp Version4.2
HordeImp Version4.2.1
HordeImp Version4.2.2
HordeImp Version4.3
HordeImp Version4.3.1
HordeImp Version4.3.2
HordeImp Version4.3.3
HordeImp Version4.3.4
HordeImp Version4.3.5
HordeImp Version4.3.6
HordeGroupware Version <= 1.2.6
HordeGroupware Version1.0
HordeGroupware Version1.0 Updaterc1
HordeGroupware Version1.0 Updaterc2
HordeGroupware Version1.0.1
HordeGroupware Version1.0.2
HordeGroupware Version1.0.3
HordeGroupware Version1.0.4
HordeGroupware Version1.0.5
HordeGroupware Version1.0.6
HordeGroupware Version1.0.7
HordeGroupware Version1.0.8
HordeGroupware Version1.1
HordeGroupware Version1.1 Updaterc1
HordeGroupware Version1.1 Updaterc2
HordeGroupware Version1.1 Updaterc3
HordeGroupware Version1.1 Updaterc4
HordeGroupware Version1.1.1
HordeGroupware Version1.1.2
HordeGroupware Version1.1.3
HordeGroupware Version1.1.4
HordeGroupware Version1.1.5
HordeGroupware Version1.1.6
HordeGroupware Version1.2
HordeGroupware Version1.2 Updaterc1
HordeGroupware Version1.2.1
HordeGroupware Version1.2.2
HordeGroupware Version1.2.3
HordeGroupware Version1.2.3 Updaterc1
HordeGroupware Version1.2.4
HordeGroupware Version1.2.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.98% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584
Patch
Exploit
http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h
http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11
Patch
http://lists.horde.org/archives/announce/2010/000558.html
Patch
http://lists.horde.org/archives/announce/2010/000568.html
http://openwall.com/lists/oss-security/2010/09/30/7
Patch
Exploit
http://openwall.com/lists/oss-security/2010/09/30/8
Patch
Exploit
http://openwall.com/lists/oss-security/2010/10/01/6
Patch
http://secunia.com/advisories/41627
Vendor Advisory
http://secunia.com/advisories/43896
Vendor Advisory
http://securityreason.com/securityalert/8170
http://www.debian.org/security/2011/dsa-2204
http://www.securityfocus.com/archive/1/513992/100/0/threaded
http://www.securityfocus.com/bid/43515
Exploit
http://www.vupen.com/english/advisories/2010/2513
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0769
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=641069
Patch
Exploit