Vulnerabilities > CVE-2005-1319 - Cross-Site Scripting vulnerability in IMP

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
horde
nessus
NVD
Published: 2005-05-02
Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

Vulnerable Configurations

Part Description Count
Application
Horde
23

Nessus

NASL familyCGI abuses : XSS
NASL idIMP_FOOTER_XSS.NASL
descriptionAccording to its version, the remote installation of IMP fails to fully sanitize user-supplied input when setting the parent frame
last seen2020-06-01
modified2020-06-02
plugin id18139
published2005-04-26
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18139
titleIMP common-footer.inc Parent Frame Page Title XSS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18139);
  script_version("1.16");
  script_cvs_date("Date: 2018/08/10 18:07:05");

  script_cve_id("CVE-2005-1319");

  script_name(english:"IMP common-footer.inc Parent Frame Page Title XSS");
  script_summary(english:"Checks for cross-site scripting vulnerability in IMP common-footer.inc");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is prone to a cross-
site scripting attack.");
  script_set_attribute(attribute:"description", value:
"According to its version, the remote installation of IMP fails to fully
sanitize user-supplied input when setting the parent frame's page title
by JavaScript in 'templates/common-footer.inc'.  By leveraging this
flaw, an attacker may be able to inject arbitrary HTML and script code
into a user's browser to be executed in the context of the affected web
site, thereby resulting in the theft of session cookies and similar
attacks.");
  script_set_attribute(attribute:"see_also", value:"https://lists.horde.org/archives/imp/Week-of-Mon-20050418/041912.html" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to IMP 3.2.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/26");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/22");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:horde:imp");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("imp_detect.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);


# Test an install.
install = get_kb_item(string("www/", port, "/imp"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
  ver = matches[1];
  if (ver =~ "^([0-2]|3\.([01]|2$|2\.[0-7]([^0-9]|$)))")
  {
   security_warning(port);
   set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  }
}

References