Vulnerabilities > CVE-2007-1515 - Input Validation vulnerability in Horde IMP Webmail Client
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Exploit-Db
| description | Horde IMP Webmail 4.0.4 Client Multiple Input Validation Vulnerabilities. CVE-2007-1515 . Webapps exploit for php platform |
| id | EDB-ID:29742 |
| last seen | 2016-02-03 |
| modified | 2007-03-15 |
| published | 2007-03-15 |
| reporter | Immerda Project Group |
| source | https://www.exploit-db.com/download/29742/ |
| title | Horde IMP Webmail <= 4.0.4 Client Multiple Input Validation Vulnerabilities |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html
- http://lists.horde.org/archives/announce/2007/000316.html
- http://secunia.com/advisories/24541
- http://www.securityfocus.com/archive/1/462914/100/0/threaded
- http://www.securityfocus.com/bid/22975
- http://www.securitytracker.com/id?1017774
- http://www.vupen.com/english/advisories/2007/0964