Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-0791
Last Modified: 26 Jan 2012 12:00:00
Published: 24 Jan 2012 01:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0791

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Horde Dynamic Imp 1.0

  • Horde Dynamic Imp 1.1

  • Horde Dynamic Imp 1.1.1

  • Horde Dynamic Imp 1.1.2

  • Horde Dynamic Imp 1.1.3

  • Horde Dynamic Imp 1.1.4

  • Horde Dynamic Imp 1.1.5

  • Horde Dynamic Imp 1.1.6

  • Horde Dynamic Imp 5.0

  • Horde Dynamic Imp 5.0.1

  • Horde Dynamic Imp 5.0.10

  • Horde Dynamic Imp 5.0.11

  • Horde Dynamic Imp 5.0.12

  • Horde Dynamic Imp 5.0.13

  • Horde Dynamic Imp 5.0.14

  • Horde Dynamic Imp 5.0.15

  • Horde Dynamic Imp 5.0.16

  • Horde Dynamic Imp 5.0.17

  • Horde Dynamic Imp 5.0.2

  • Horde Dynamic Imp 5.0.3

  • Horde Dynamic Imp 5.0.4

  • Horde Dynamic Imp 5.0.5

  • Horde Dynamic Imp 5.0.6

  • Horde Dynamic Imp 5.0.7

  • Horde Dynamic Imp 5.0.8

  • Horde Dynamic Imp 5.0.9

  • Horde Groupware Webmail Edition 1.0

  • Horde Groupware Webmail Edition 1.0.1

  • Horde Groupware Webmail Edition 1.0.2

  • Horde Groupware Webmail Edition 1.0.3

  • Horde Groupware Webmail Edition 1.0.4

  • Horde Groupware Webmail Edition 1.0.5

  • Horde Groupware Webmail Edition 1.0.6

  • Horde Groupware Webmail Edition 1.0.7

  • Horde Groupware Webmail Edition 1.0.8

  • Horde Groupware Webmail Edition 1.1

  • Horde Groupware Webmail Edition 1.1.1

  • Horde Groupware Webmail Edition 1.1.2

  • Horde Groupware Webmail Edition 1.1.3

  • Horde Groupware Webmail Edition 1.1.4

  • Horde Groupware Webmail Edition 1.1.5

  • Horde Groupware Webmail Edition 1.1.6

  • Horde Groupware Webmail Edition 1.2

  • Horde Groupware Webmail Edition 1.2.1

  • Horde Groupware Webmail Edition 1.2.10

  • Horde Groupware Webmail Edition 1.2.2

  • Horde Groupware Webmail Edition 1.2.3

  • Horde Groupware Webmail Edition 1.2.4

  • Horde Groupware Webmail Edition 1.2.5

  • Horde Groupware Webmail Edition 1.2.6

  • Horde Groupware Webmail Edition 1.2.7

  • Horde Groupware Webmail Edition 1.2.8

  • Horde Groupware Webmail Edition 1.2.9

  • Horde Groupware Webmail Edition 4.0

  • Horde Groupware Webmail Edition 4.0.1

  • Horde Groupware Webmail Edition 4.0.2

  • Horde Groupware Webmail Edition 4.0.3

  • Horde Groupware Webmail Edition 4.0.4

  • Horde Groupware Webmail Edition 4.0.5

  • Horde Imp 2.0

  • Horde Imp 2.2

  • Horde Imp 2.2.1

  • Horde Imp 2.2.2

  • Horde Imp 2.2.3

  • Horde Imp 2.2.4

  • Horde Imp 2.2.5

  • Horde Imp 2.2.6

  • Horde Imp 2.2.7

  • Horde Imp 2.2.8

  • Horde Imp 2.3

  • Horde Imp 3.0

  • Horde Imp 3.1

  • Horde Imp 3.1.2

  • Horde Imp 3.2

  • Horde Imp 3.2.1

  • Horde Imp 3.2.2

  • Horde Imp 3.2.3

  • Horde Imp 3.2.4

  • Horde Imp 3.2.5

  • Horde Imp 3.2.6

  • Horde Imp 3.2.7

  • Horde Imp 4.0

  • Horde Imp 4.0.1

  • Horde Imp 4.0.2

  • Horde Imp 4.0.3

  • Horde Imp 4.0.4

  • Horde Imp 4.1.3

  • Horde Imp 4.1.5

  • Horde Imp 4.1.6

  • Horde Imp 4.2

  • Horde Imp 4.2.1

  • Horde Imp 4.2.2

  • Horde Imp 4.3

  • Horde Imp 4.3.1

  • Horde Imp 4.3.2

  • Horde Imp 4.3.3

  • Horde Imp 4.3.4

  • Horde Imp 4.3.5

  • Horde Imp 4.3.6

  • Horde Imp 4.3.7

  • Horde Imp 4.3.8

  • Horde Imp 4.3.9

  • Horde Imp 5.0

  • Horde Imp 5.0.1

  • Horde Imp 5.0.2

  • Horde Imp 5.0.3

  • Horde Imp 5.0.4-git


References

SECTRACK - 1026554

SECTRACK - 1026553

BID - 51586

MLIST - [oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws

CONFIRM - http://www.horde.org/apps/webmail/docs/RELEASE_NOTES

CONFIRM - http://www.horde.org/apps/webmail/docs/CHANGES

CONFIRM - http://www.horde.org/apps/imp/docs/RELEASE_NOTES

CONFIRM - http://www.horde.org/apps/imp/docs/CHANGES

SECUNIA - 47592

SECUNIA - 47580


Last Updated: 27 May 2016 10:58:06