Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0584

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-0584
Last Modified 05 Sep 2008 04:38:49
Published 06 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0584

Summary

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.

Vulnerable Systems

Application

  • Horde Imp 2.0

  • Horde Imp 2.2

  • Horde Imp 2.2.1

  • Horde Imp 2.2.2

  • Horde Imp 2.2.3

  • Horde Imp 2.2.4

  • Horde Imp 2.2.5

  • Horde Imp 2.2.6

  • Horde Imp 2.2.7

  • Horde Imp 2.2.8

  • Horde Imp 2.3

  • Horde Imp 3.0

  • Horde Imp 3.1

  • Horde Imp 3.1.2

  • Horde Imp 3.2

  • Horde Imp 3.2.1

  • Horde Imp 3.2.2

  • Horde Imp 3.2.3


References

XF - imp-content-type-xss(16357)

BID - 10501

MISC - http://www.horde.org/imp/3.2/

GENTOO - GLSA-200406-11

SECUNIA - 11805


Last Updated: 27 May 2016 10:38:40