CVE-2010-3693 Information

Description

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5 and Horde Groupware Webmail Edition before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

Reference

http://bugs.horde.org/ticket/9240
http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h
http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
http://lists.horde.org/archives/announce/2010/000561.html
http://lists.horde.org/archives/announce/2010/000568.html
http://openwall.com/lists/oss-security/2010/09/30/7
http://openwall.com/lists/oss-security/2010/09/30/8
http://openwall.com/lists/oss-security/2010/10/01/6
http://secunia.com/advisories/41639
http://www.osvdb.org/68267
http://www.vupen.com/english/advisories/2010/2522
https://exchange.xforce.ibmcloud.com/vulnerabilities/62080
