Vulnerabilities > Horde > IMP > 2.2.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-05 | CVE-2012-6640 | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. | 4.3 |
| 2014-04-05 | CVE-2012-5565 | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view. | 4.3 |
| 2011-04-04 | CVE-2010-4778 | Cross-Site Scripting vulnerability in Horde Groupware and IMP Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. | 4.3 |
| 2011-03-31 | CVE-2010-3695 | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. | 4.3 |
| 2010-01-29 | CVE-2010-0463 | Information Exposure vulnerability in Horde IMP Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | 5.0 |
| 2007-03-20 | CVE-2007-1515 | Input Validation vulnerability in Horde IMP Webmail Client Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. network horde | 4.3 |
| 2007-03-16 | CVE-2007-1474 | Unspecified vulnerability in Horde Application Framework and IMP Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. network horde | 6.8 |
| 2006-08-21 | CVE-2006-4255 | Cross-Site Scripting vulnerability in Horde Products Search.PHP Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. network horde | 4.3 |
| 2005-12-08 | CVE-2005-4080 | Unspecified vulnerability in Horde IMP Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters. network horde | 4.3 |
| 2005-05-02 | CVE-2005-1319 | Cross-Site Scripting vulnerability in IMP Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. network horde | 4.3 |