Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1443

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-1443
Last Modified 05 Sep 2008 04:41:23
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1443

Summary

Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

Vulnerable Systems

Application

  • Horde Imp 2.0

  • Horde Imp 2.2

  • Horde Imp 2.2.1

  • Horde Imp 2.2.2

  • Horde Imp 2.2.3

  • Horde Imp 2.2.4

  • Horde Imp 2.2.5

  • Horde Imp 2.2.6

  • Horde Imp 2.2.7

  • Horde Imp 2.2.8

  • Horde Imp 2.3

  • Horde Imp 3.0

  • Horde Imp 3.1

  • Horde Imp 3.1.2

  • Horde Imp 3.2

  • Horde Imp 3.2.1

  • Horde Imp 3.2.2

  • Horde Imp 3.2.3

  • Horde Imp 3.2.4


References

BID - 10845

GENTOO - GLSA-200408-07

SECUNIA - 12202

XF - imp-html-viewer-xss(16866)

CONFIRM - http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h


Last Updated: 27 May 2016 10:39:02