Vulnerabilities > Horde > IMP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-01-17 | CVE-2003-0025 | SQL Injection vulnerability in Horde IMP Database Files Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | 7.5 |
2002-04-22 | CVE-2002-0181 | Cross-Site Scripting vulnerability in Horde IMP Status.PHP3 Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | 7.5 |
2001-07-21 | CVE-2001-1257 | Unspecified vulnerability in Horde IMP Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | 7.5 |