CVE-2026-58451
- EPSS 0.34%
- Veröffentlicht 01.07.2026 18:16:09
- Zuletzt bearbeitet 02.07.2026 20:17:06
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. At...
CVE-2025-30349
- EPSS 30.16%
- Veröffentlicht 21.03.2025 00:00:00
- Zuletzt bearbeitet 15.04.2026 00:35:42
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited ...
CVE-2012-6640
- EPSS 1.85%
- Veröffentlicht 05.04.2014 21:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a...
CVE-2012-5565
- EPSS 1.81%
- Veröffentlicht 05.04.2014 21:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted n...
CVE-2012-0791
- EPSS 2.44%
- Veröffentlicht 24.01.2012 18:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:16
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* par...
CVE-2010-4778
- EPSS 0.9%
- Veröffentlicht 04.04.2011 12:27:36
- Zuletzt bearbeitet 16.06.2026 23:25:31
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername)...
CVE-2010-3695
- EPSS 4.98%
- Veröffentlicht 31.03.2011 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:23:21
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_sa...
- EPSS 1.95%
- Veröffentlicht 29.01.2010 18:30:01
- Zuletzt bearbeitet 16.06.2026 23:16:13
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requ...
CVE-2007-6018
- EPSS 1.77%
- Veröffentlicht 11.01.2008 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:16
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2)...
CVE-2007-1515
- EPSS 2.37%
- Veröffentlicht 20.03.2007 10:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:44
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php,...