Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6640

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-6640
Last Modified 07 Apr 2014 11:23:41
Published 05 Apr 2014 05:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6640

Summary

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

Vulnerable Systems

Application

  • Horde Groupware 4.0

  • Horde Groupware 4.0.1

  • Horde Groupware 4.0.2

  • Horde Groupware 4.0.3

  • Horde Groupware 4.0.4

  • Horde Groupware 4.0.5

  • Horde Groupware 4.0.6

  • Horde Groupware 4.0.7

  • Horde Groupware 4.0.8

  • Horde Imp 5.0

  • Horde Imp 5.0.1

  • Horde Imp 5.0.10

  • Horde Imp 5.0.11

  • Horde Imp 5.0.12

  • Horde Imp 5.0.13

  • Horde Imp 5.0.14

  • Horde Imp 5.0.15

  • Horde Imp 5.0.16

  • Horde Imp 5.0.17

  • Horde Imp 5.0.18

  • Horde Imp 5.0.19

  • Horde Imp 5.0.2

  • Horde Imp 5.0.20

  • Horde Imp 5.0.21

  • Horde Imp 5.0.3

  • Horde Imp 5.0.4

  • Horde Imp 5.0.5

  • Horde Imp 5.0.6

  • Horde Imp 5.0.7

  • Horde Imp 5.0.8

  • Horde Imp 5.0.9


References

CONFIRM - https://github.com/horde/horde/commit/08c699f744b6d2be1a5f3a2ba7203f4631b4c5dc

MLIST - [announce] 20121114 Horde Groupware Webmail Edition 4.0.9 (final)

MLIST - [announce] 20120626 IMP H4 (5.0.22) (final)


Last Updated: 27 May 2016 11:04:52