XSS in Horde Dynamic_imp
CVE-2012-0791
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) fil…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.006 (70.4th percentile) — read the EPSS interpretation.
Affected products
- Horde Dynamic_imp — versions 1.0, 1.1, 1.1.1
- Horde Groupware_webmail_edition — versions 1.0, 1.0.1, 1.0.2
- Horde Imp — versions 2.0, 2.2, 2.2.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_CONFIRM)
- DSA-2485 (vendor-advisory, x_refsource_DEBIAN)
- secalert@redhat.com (x_refsource_CONFIRM)
- 1026553 (vdb-entry, x_refsource_SECTRACK)
- secalert@redhat.com (x_refsource_CONFIRM)
- 51586 (vdb-entry, x_refsource_BID)
- 47580 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 1026554 (vdb-entry, x_refsource_SECTRACK)
- [oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2012-0791?
- CVE-2012-0791 is a vulnerability in Horde Dynamic_imp, classified under Cross-site Scripting. Published 2012-01-24.
- Is CVE-2012-0791 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.