CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2005-1319
https://notcve.org/view.php?id=CVE-2005-1319
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. • http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.119&r2=1.389.2.125&ty=h http://lists.horde.org/archives/imp/Week-of-Mon-20050418/041912.html http://secunia.com/advisories/15080 •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2004-1443
https://notcve.org/view.php?id=CVE-2004-1443
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. • http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h http://secunia.com/advisories/12202 http://www.gentoo.org/security/en/glsa/glsa-200408-07.xml http://www.securityfocus.com/bid/10845 https://exchange.xforce.ibmcloud.com/vulnerabilities/16866 •
CVSS: 6.8EPSS: 2%CPEs: 18EXPL: 0CVE-2004-0584
https://notcve.org/view.php?id=CVE-2004-0584
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. Vulnerabilidad desconocida en Hored-IMP 3.2.3 y anteriores, antes de un "arreglo de seguridad" no validan adecuadamente la entrada, lo que permite a atacantes remotos ejecutar script de su elección como otro usuario mediante script o HTML, posiblemente disparando una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS). • http://secunia.com/advisories/11805 http://www.gentoo.org/security/en/glsa/glsa-200406-11.xml http://www.horde.org/imp/3.2 http://www.securityfocus.com/bid/10501 https://exchange.xforce.ibmcloud.com/vulnerabilities/16357 •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2001-0744
https://notcve.org/view.php?id=CVE-2001-0744
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html http://www.horde.org/imp/2.2/news.php •
CVSS: 3.6EPSS: 0%CPEs: 7EXPL: 1CVE-2001-1258
https://notcve.org/view.php?id=CVE-2001-1258
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410 http://online.securityfocus.com/archive/1/198495 http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt http://www.debian.org/security/2001/dsa-073 http://www.iss.net/security_center/static/6906.php http://www.securityfocus.com/bid/3083 •