Vulnerabilities > CVE-2004-0584 - HTML Injection vulnerability in Horde IMP Email Header
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 18 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200406-11.NASL description The remote host is affected by the vulnerability described in GLSA-200406-11 (Horde-IMP: Input validation vulnerability) Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact : By enticing a user to read a specially crafted e-mail, an attacker can execute arbitrary scripts running in the context of the victim last seen 2020-06-01 modified 2020-06-02 plugin id 14522 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14522 title GLSA-200406-11 : Horde-IMP: Input validation vulnerability NASL family CGI abuses : XSS NASL id IMP_CONTENT_TYPE_XSS.NASL description The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME message with a specially crafted Content-Type header. Note : Nessus has determined the vulnerability exists on the target simply by looking at the version number of IMP installed there; it has not attempted to actually exploit the vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 12263 published 2004-06-08 reporter This script is Copyright (C) 2004-2018 George A. Theall source https://www.tenable.com/plugins/nessus/12263 title IMP Content-Type Header XSS