Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0909

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0909
Last Modified 26 Jan 2012 11:00:31
Published 24 Jan 2012 01:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0909

Summary

Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Horde Groupware Webmail Edition 1.0

  • Horde Groupware Webmail Edition 1.0.1

  • Horde Groupware Webmail Edition 1.0.2

  • Horde Groupware Webmail Edition 1.0.3

  • Horde Groupware Webmail Edition 1.0.4

  • Horde Groupware Webmail Edition 1.0.5

  • Horde Groupware Webmail Edition 1.0.6

  • Horde Groupware Webmail Edition 1.0.7

  • Horde Groupware Webmail Edition 1.0.8

  • Horde Groupware Webmail Edition 1.1

  • Horde Groupware Webmail Edition 1.1.1

  • Horde Groupware Webmail Edition 1.1.2

  • Horde Groupware Webmail Edition 1.1.3

  • Horde Groupware Webmail Edition 1.1.4

  • Horde Groupware Webmail Edition 1.1.5

  • Horde Groupware Webmail Edition 1.1.6

  • Horde Groupware Webmail Edition 1.2

  • Horde Groupware Webmail Edition 1.2.1

  • Horde Groupware Webmail Edition 1.2.10

  • Horde Groupware Webmail Edition 1.2.2

  • Horde Groupware Webmail Edition 1.2.3

  • Horde Groupware Webmail Edition 1.2.4

  • Horde Groupware Webmail Edition 1.2.5

  • Horde Groupware Webmail Edition 1.2.6

  • Horde Groupware Webmail Edition 1.2.7

  • Horde Groupware Webmail Edition 1.2.8

  • Horde Groupware Webmail Edition 1.2.9

  • Horde Groupware Webmail Edition 4.0

  • Horde Groupware Webmail Edition 4.0.1

  • Horde Groupware Webmail Edition 4.0.2

  • Horde Groupware Webmail Edition 4.0.3

  • Horde Groupware Webmail Edition 4.0.4

  • Horde Groupware Webmail Edition 4.0.5


References

BID - 51586

MLIST - [oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws

CONFIRM - http://www.horde.org/apps/webmail/docs/RELEASE_NOTES

CONFIRM - http://www.horde.org/apps/webmail/docs/CHANGES

SECUNIA - 47592


Last Updated: 27 May 2016 10:57:24