Lucene search

RedhatCVE-2012-0791

HistoryJan 24, 2012 - 6:55 p.m.

CVE-2012-0791

2012-01-2418:55:01

CWE-79

redhat

web.nvd.nist.gov

cve-2012-0791

cross-site scripting

xss

vulnerabilities

horde imp

horde groupware webmail

remote attackers

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

hordedynamic_impRange≤5.0.17

hordedynamic_impMatch1.0

hordedynamic_impMatch1.0alpha

hordedynamic_impMatch1.0rc1

hordedynamic_impMatch1.0rc2

hordedynamic_impMatch1.0rc3

hordedynamic_impMatch1.1

hordedynamic_impMatch1.1rc1

hordedynamic_impMatch1.1rc2

hordedynamic_impMatch1.1.1

hordedynamic_impMatch1.1.2

hordedynamic_impMatch1.1.3

hordedynamic_impMatch1.1.4

hordedynamic_impMatch1.1.5

hordedynamic_impMatch1.1.6

hordedynamic_impMatch5.0

hordedynamic_impMatch5.0.1

hordedynamic_impMatch5.0.2

hordedynamic_impMatch5.0.3

hordedynamic_impMatch5.0.4

hordedynamic_impMatch5.0.5

hordedynamic_impMatch5.0.6

hordedynamic_impMatch5.0.7

hordedynamic_impMatch5.0.8

hordedynamic_impMatch5.0.9

hordedynamic_impMatch5.0.10

hordedynamic_impMatch5.0.11

hordedynamic_impMatch5.0.12

hordedynamic_impMatch5.0.13

hordedynamic_impMatch5.0.14

hordedynamic_impMatch5.0.15

hordedynamic_impMatch5.0.16

hordeimpMatch2.0

hordeimpMatch2.2

hordeimpMatch2.2.1

hordeimpMatch2.2.2

hordeimpMatch2.2.3

hordeimpMatch2.2.4

hordeimpMatch2.2.5

hordeimpMatch2.2.6

hordeimpMatch2.2.7

hordeimpMatch2.2.8

hordeimpMatch2.3

hordeimpMatch3.0

hordeimpMatch3.1

hordeimpMatch3.1.2

hordeimpMatch3.2

hordeimpMatch3.2.1

hordeimpMatch3.2.2

hordeimpMatch3.2.3

hordeimpMatch3.2.4

hordeimpMatch3.2.5

hordeimpMatch3.2.6

hordeimpMatch3.2.7

hordeimpMatch3.2.7rc1

hordeimpMatch4.0

hordeimpMatch4.0.1

hordeimpMatch4.0.2

hordeimpMatch4.0.3

hordeimpMatch4.0.4

hordeimpMatch4.1.3

hordeimpMatch4.1.5

hordeimpMatch4.1.6

hordeimpMatch4.2

hordeimpMatch4.2.1

hordeimpMatch4.2.2

hordeimpMatch4.3

hordeimpMatch4.3.1

hordeimpMatch4.3.2

hordeimpMatch4.3.3

hordeimpMatch4.3.4

hordeimpMatch4.3.5

hordeimpMatch4.3.6

hordeimpMatch4.3.7

hordeimpMatch4.3.8

hordeimpMatch4.3.9

hordeimpMatch5.0

hordeimpMatch5.0alpha1

hordeimpMatch5.0beta1

hordeimpMatch5.0rc1

hordeimpMatch5.0rc2

hordeimpMatch5.0.1

hordeimpMatch5.0.2

hordeimpMatch5.0.3

hordeimpMatch5.0.4-git

Node

hordegroupware_webmail_editionRange≤4.0.5

hordegroupware_webmail_editionMatch1.0

hordegroupware_webmail_editionMatch1.0rc1

hordegroupware_webmail_editionMatch1.0rc2

hordegroupware_webmail_editionMatch1.0.1

hordegroupware_webmail_editionMatch1.0.2

hordegroupware_webmail_editionMatch1.0.3

hordegroupware_webmail_editionMatch1.0.4

hordegroupware_webmail_editionMatch1.0.5

hordegroupware_webmail_editionMatch1.0.6

hordegroupware_webmail_editionMatch1.0.7

hordegroupware_webmail_editionMatch1.0.8

hordegroupware_webmail_editionMatch1.1

hordegroupware_webmail_editionMatch1.1rc1

hordegroupware_webmail_editionMatch1.1rc2

hordegroupware_webmail_editionMatch1.1rc3

hordegroupware_webmail_editionMatch1.1rc4

hordegroupware_webmail_editionMatch1.1.1

hordegroupware_webmail_editionMatch1.1.2

hordegroupware_webmail_editionMatch1.1.3

hordegroupware_webmail_editionMatch1.1.4

hordegroupware_webmail_editionMatch1.1.5

hordegroupware_webmail_editionMatch1.1.6

hordegroupware_webmail_editionMatch1.2

hordegroupware_webmail_editionMatch1.2rc1

hordegroupware_webmail_editionMatch1.2.1

hordegroupware_webmail_editionMatch1.2.2

hordegroupware_webmail_editionMatch1.2.3

hordegroupware_webmail_editionMatch1.2.3rc1

hordegroupware_webmail_editionMatch1.2.4

hordegroupware_webmail_editionMatch1.2.5

hordegroupware_webmail_editionMatch1.2.6

hordegroupware_webmail_editionMatch1.2.7

hordegroupware_webmail_editionMatch1.2.8

hordegroupware_webmail_editionMatch1.2.9

hordegroupware_webmail_editionMatch1.2.10

hordegroupware_webmail_editionMatch4.0

hordegroupware_webmail_editionMatch4.0rc1

hordegroupware_webmail_editionMatch4.0rc2

hordegroupware_webmail_editionMatch4.0.1

hordegroupware_webmail_editionMatch4.0.2

hordegroupware_webmail_editionMatch4.0.3

hordegroupware_webmail_editionMatch4.0.4

VendorProductVersionCPE
hordeimp4.3.4cpe:/a:horde:imp:4.3.4:::
hordeimp4.3.3cpe:/a:horde:imp:4.3.3:::
hordedynamic_impcpe:/a:horde:dynamic_imp::::
hordeimp2.2.8cpe:/a:horde:imp:2.2.8:::
hordeimp4.3.2cpe:/a:horde:imp:4.3.2:::
hordeimp4.3.9cpe:/a:horde:imp:4.3.9:::
hordeimp4.0.4cpe:/a:horde:imp:4.0.4:::
hordedynamic_imp1.1cpe:/a:horde:dynamic_imp:1.1:::
hordeimp2.2.3cpe:/a:horde:imp:2.2.3:::
hordeimp3.1.2cpe:/a:horde:imp:3.1.2:::

Vendor	Product	Version	CPE
horde	imp	4.3.4	cpe:/a:horde:imp:4.3.4:::
horde	imp	4.3.3	cpe:/a:horde:imp:4.3.3:::
horde	dynamic_imp		cpe:/a:horde:dynamic_imp::::
horde	imp	2.2.8	cpe:/a:horde:imp:2.2.8:::
horde	imp	4.3.2	cpe:/a:horde:imp:4.3.2:::
horde	imp	4.3.9	cpe:/a:horde:imp:4.3.9:::
horde	imp	4.0.4	cpe:/a:horde:imp:4.0.4:::
horde	dynamic_imp	1.1	cpe:/a:horde:dynamic_imp:1.1:::
horde	imp	2.2.3	cpe:/a:horde:imp:2.2.3:::
horde	imp	3.1.2	cpe:/a:horde:imp:3.1.2:::