4.3

CVE-2012-0791

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names.  NOTE: some of these details are obtained from third party information.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HordeDynamic Imp Version <= 5.0.17
HordeDynamic Imp Version1.0
HordeDynamic Imp Version1.0 Updatealpha
HordeDynamic Imp Version1.0 Updaterc1
HordeDynamic Imp Version1.0 Updaterc2
HordeDynamic Imp Version1.0 Updaterc3
HordeDynamic Imp Version1.1
HordeDynamic Imp Version1.1 Updaterc1
HordeDynamic Imp Version1.1 Updaterc2
HordeDynamic Imp Version1.1.1
HordeDynamic Imp Version1.1.2
HordeDynamic Imp Version1.1.3
HordeDynamic Imp Version1.1.4
HordeDynamic Imp Version1.1.5
HordeDynamic Imp Version1.1.6
HordeDynamic Imp Version5.0
HordeDynamic Imp Version5.0.1
HordeDynamic Imp Version5.0.2
HordeDynamic Imp Version5.0.3
HordeDynamic Imp Version5.0.4
HordeDynamic Imp Version5.0.5
HordeDynamic Imp Version5.0.6
HordeDynamic Imp Version5.0.7
HordeDynamic Imp Version5.0.8
HordeDynamic Imp Version5.0.9
HordeDynamic Imp Version5.0.10
HordeDynamic Imp Version5.0.11
HordeDynamic Imp Version5.0.12
HordeDynamic Imp Version5.0.13
HordeDynamic Imp Version5.0.14
HordeDynamic Imp Version5.0.15
HordeDynamic Imp Version5.0.16
HordeImp Version2.0
HordeImp Version2.2
HordeImp Version2.2.1
HordeImp Version2.2.2
HordeImp Version2.2.3
HordeImp Version2.2.4
HordeImp Version2.2.5
HordeImp Version2.2.6
HordeImp Version2.2.7
HordeImp Version2.2.8
HordeImp Version2.3
HordeImp Version3.0
HordeImp Version3.1
HordeImp Version3.1.2
HordeImp Version3.2
HordeImp Version3.2.1
HordeImp Version3.2.2
HordeImp Version3.2.3
HordeImp Version3.2.4
HordeImp Version3.2.5
HordeImp Version3.2.6
HordeImp Version3.2.7
HordeImp Version3.2.7 Updaterc1
HordeImp Version4.0
HordeImp Version4.0.1
HordeImp Version4.0.2
HordeImp Version4.0.3
HordeImp Version4.0.4
HordeImp Version4.1.3
HordeImp Version4.1.5
HordeImp Version4.1.6
HordeImp Version4.2
HordeImp Version4.2.1
HordeImp Version4.2.2
HordeImp Version4.3
HordeImp Version4.3.1
HordeImp Version4.3.2
HordeImp Version4.3.3
HordeImp Version4.3.4
HordeImp Version4.3.5
HordeImp Version4.3.6
HordeImp Version4.3.7
HordeImp Version4.3.8
HordeImp Version4.3.9
HordeImp Version5.0
HordeImp Version5.0 Updatealpha1
HordeImp Version5.0 Updatebeta1
HordeImp Version5.0 Updaterc1
HordeImp Version5.0 Updaterc2
HordeImp Version5.0.1
HordeImp Version5.0.2
HordeImp Version5.0.3
HordeImp Version5.0.4-git
HordeGroupware Webmail Edition Version <= 4.0.5
HordeGroupware Webmail Edition Version1.0 Updaterc1
HordeGroupware Webmail Edition Version1.0 Updaterc2
HordeGroupware Webmail Edition Version1.0.1
HordeGroupware Webmail Edition Version1.0.2
HordeGroupware Webmail Edition Version1.0.3
HordeGroupware Webmail Edition Version1.0.4
HordeGroupware Webmail Edition Version1.0.5
HordeGroupware Webmail Edition Version1.0.6
HordeGroupware Webmail Edition Version1.0.7
HordeGroupware Webmail Edition Version1.0.8
HordeGroupware Webmail Edition Version1.1 Updaterc1
HordeGroupware Webmail Edition Version1.1 Updaterc2
HordeGroupware Webmail Edition Version1.1 Updaterc3
HordeGroupware Webmail Edition Version1.1 Updaterc4
HordeGroupware Webmail Edition Version1.1.1
HordeGroupware Webmail Edition Version1.1.2
HordeGroupware Webmail Edition Version1.1.3
HordeGroupware Webmail Edition Version1.1.4
HordeGroupware Webmail Edition Version1.1.5
HordeGroupware Webmail Edition Version1.1.6
HordeGroupware Webmail Edition Version1.2 Updaterc1
HordeGroupware Webmail Edition Version1.2.1
HordeGroupware Webmail Edition Version1.2.2
HordeGroupware Webmail Edition Version1.2.3
HordeGroupware Webmail Edition Version1.2.3 Updaterc1
HordeGroupware Webmail Edition Version1.2.4
HordeGroupware Webmail Edition Version1.2.5
HordeGroupware Webmail Edition Version1.2.6
HordeGroupware Webmail Edition Version1.2.7
HordeGroupware Webmail Edition Version1.2.8
HordeGroupware Webmail Edition Version1.2.9
HordeGroupware Webmail Edition Version1.2.10
HordeGroupware Webmail Edition Version4.0 Updaterc1
HordeGroupware Webmail Edition Version4.0 Updaterc2
HordeGroupware Webmail Edition Version4.0.1
HordeGroupware Webmail Edition Version4.0.2
HordeGroupware Webmail Edition Version4.0.3
HordeGroupware Webmail Edition Version4.0.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.708
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.