Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-5565
Last Modified 07 Apr 2014 11:36:13
Published 05 Apr 2014 05:55:06
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5565

Summary

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.

Vulnerable Systems

Application

  • Horde Groupware 4.0

  • Horde Groupware 4.0.1

  • Horde Groupware 4.0.2

  • Horde Groupware 4.0.3

  • Horde Groupware 4.0.4

  • Horde Groupware 4.0.5

  • Horde Groupware 4.0.6

  • Horde Groupware 4.0.7

  • Horde Groupware 4.0.8

  • Horde Imp 5.0.10

  • Horde Imp 5.0.11

  • Horde Imp 5.0.12

  • Horde Imp 5.0.13

  • Horde Imp 5.0.14

  • Horde Imp 5.0.15

  • Horde Imp 5.0.16

  • Horde Imp 5.0.17

  • Horde Imp 5.0.18

  • Horde Imp 5.0.19

  • Horde Imp 5.0.20

  • Horde Imp 5.0.21

  • Horde Imp 5.0.22

  • Horde Imp 5.0.23

  • Horde Imp 5.0.4

  • Horde Imp 5.0.5

  • Horde Imp 5.0.6

  • Horde Imp 5.0.7

  • Horde Imp 5.0.8

  • Horde Imp 5.0.9


References

CONFIRM - https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2

MLIST - [oss-security] 20121123 Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.

SUSE - openSUSE-SU-2012:1626

MLIST - [announce] 20121114 Horde Groupware Webmail Edition 4.0.9 (final)

MLIST - [announce] 20121114 IMP H4 (5.0.24) (final)


Last Updated: 27 May 2016 11:04:52