Vulnerabilities > Horde > IMP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-1319 | Cross-Site Scripting vulnerability in IMP Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. network horde | 4.3 |
2004-12-31 | CVE-2004-1443 | HTML Injection vulnerability in Horde IMP HTML+TIME Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. network horde | 4.3 |
2004-08-06 | CVE-2004-0584 | HTML Injection vulnerability in Horde IMP Email Header Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. network horde | 6.8 |
2000-12-19 | CVE-2000-0911 | Unspecified vulnerability in Horde IMP 2.0/2.2 IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | 5.0 |