Vulnerabilities > CVE-2005-4080 - Unspecified vulnerability in Horde IMP

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

horde

exploit available

NVD

Published: 2005-12-08

Updated: 2018-10-19

Summary

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

Vulnerable Configurations

Part	Description	Count
Application	Horde Horde IMP 2.0 Horde IMP 2.2 Horde IMP 2.2.1 Horde IMP 2.2.2 Horde IMP 2.2.3 Horde IMP 2.2.4 Horde IMP 2.2.5 Horde IMP 2.2.6 Horde IMP 2.2.7 Horde IMP 2.2.8 Horde IMP 2.3 Horde IMP 3.0 Horde IMP 3.1 Horde IMP 3.1.2 Horde IMP 3.2 Horde IMP 3.2.1 Horde IMP 3.2.2 Horde IMP 3.2.3 Horde IMP 3.2.4 Horde IMP 3.2.5 Horde IMP 4.0 Horde IMP 4.0.1 Horde IMP 4.0.2 Horde IMP 4.0.3 Horde IMP 4.0.4	25

Exploit-Db

description	Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability. CVE-2005-4080 . Remote exploit for linux platform
id	EDB-ID:26741
last seen	2016-02-03
modified	2005-12-06
published	2005-12-06
reporter	SEC Consult
source	https://www.exploit-db.com/download/26741/
title	Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References