CVE-2009-0930

https://notcve.org/view.php?id=CVE-2009-0930

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde IMP anterior a v4.2.2 y v4.3.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar (1) smime.php, (2) pgp.php, y (3) message.php. • http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3 http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375 http://lists.horde.org/archives/announce/2009/000484.html http://lists.horde.org/archives/announce/2009/000485.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/33719 http://secunia.com/advisories/34418 http://secunia.com/advisories/34703 http://www.debian.org/security/2009/dsa&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •