CVE-2005-4080 - Unspecified vulnerability in Horde IMP
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Horde | 25 |
Exploit-Db
description | Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability. CVE-2005-4080. Remote exploit for Linux platform |
id | EDB-ID:26741 |
last seen | 2016-02-03 |
modified | 2005-12-06 |
published | 2005-12-06 |
reporter | SEC Consult |
source | https://www.exploit-db.com/download/26741/ |
title | Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability |
References
- http://secunia.com/advisories/17910
- http://securityreason.com/securityalert/232
- http://securitytracker.com/id?1015315
- http://www.securityfocus.com/archive/1/418734/100/0/threaded
- http://www.securityfocus.com/bid/15730/
- http://www.vupen.com/english/advisories/2005/2773
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23465