CVSS: 6.1EPSS: 1%CPEs: 25EXPL: 2CVE-2005-4080 – Horde IMP 2.2.x/3.2.x/4.0.x - Email Attachments HTML Injection
https://notcve.org/view.php?id=CVE-2005-4080
08 Dec 2005 — Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters. • https://www.exploit-db.com/exploits/26741 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2005-1319
https://notcve.org/view.php?id=CVE-2005-1319
27 Apr 2005 — Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. • http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.119&r2=1.389.2.125&ty=h •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2004-1443
https://notcve.org/view.php?id=CVE-2004-1443
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. • http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h •
CVSS: 6.8EPSS: 1%CPEs: 18EXPL: 0CVE-2004-0584
https://notcve.org/view.php?id=CVE-2004-0584
23 Jun 2004 — Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. Vulnerabilidad desconocida en Hored-IMP 3.2.3 y anteriores, antes de un "arreglo de seguridad" no validan adecuadamente la entrada, lo que permite a atacantes remotos ejecutar script de su elección como otro usuario media... • http://secunia.com/advisories/11805 •