XSS in Horde Dynamic_imp

CVE-2010-3693

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox n…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (72.1th percentile) — read the EPSS interpretation.

Affected products

Horde Dynamic_imp — versions 1.0, 1.1, 1.1.1
Horde Groupware — versions 1.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final) (mailing-list, x_refsource_MLIST, Patch)
[oss-security] 20101001 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php (mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
ADV-2010-2522 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
dynamicimp-mailbox-xss(62080) (vdb-entry, x_refsource_XF)
68267 (x_refsource_OSVDB, vdb-entry)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
[announce] 20100928 DIMP H3 (1.1.5) (final) (mailing-list, x_refsource_MLIST, Patch)
41639 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)