CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 1CVE-2010-3693
https://notcve.org/view.php?id=CVE-2010-3693
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Horde Dynamic IMP (DIMP) antes de v1.1.5, y Horde Groupware Webmail Edition antes de v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con nombres de buzón mostrar. • http://bugs.horde.org/ticket/9240 http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d http://lists.horde.org/archives/announce/2010/000561.html http://lists.horde.org/archives/ann • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 73EXPL: 0CVE-2010-4778
https://notcve.org/view.php?id=CVE-2010-4778
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en fetchmailprefs.php en Horde IMP antes de v4.3.8, y Horde Groupware Webmail Edition anterior a v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los campos ( 1 ) nombre de usuario (también conocido como fmusername ), ( 2 ) contraseña ( fmpassword alias ), o (3 ) servidor ( también conocido como fmserver ) de la acción fetchmail_prefs_save, relacionados con la configuración de Fetchmail, una cuestión diferente a CVE - 2010-3695. NOTA: algunos de estos detalles han sido obtenidos de información de terceros.. • http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 http://www.vupen.com/english/advisories/2010/2513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 73EXPL: 7CVE-2010-3695 – Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection
https://notcve.org/view.php?id=CVE-2010-3695
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en fetchmailprefs.php in Horde IMP anterior a v4.3.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro fm_id en una acción fetchmail_prefs_save, relacionado con la configuración de Fetchmail. • https://www.exploit-db.com/exploits/34773 http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584 http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 79EXPL: 2CVE-2009-4363
https://notcve.org/view.php?id=CVE-2009-4363
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers." Text_Filter/lib/Horde/Text/Filter/Xss.php en Horde Application Framework versiones anteriores a v3.3.6, Horde Groupware versiones anteriores a v1.2.5, y Horde Groupware Webmail Edition versiones anteriores a v1.2.5 no maneja adecuadamente data: URIs, permitiendo a atacantes remotos dirigir ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores data:text/html para el atributo HREF de un elemento A en un mensaje HTML de correo electrónico. NOTA: el proveedor mantiene que el incidente está causado por "una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el navegador Firefox". • http://bugs.horde.org/ticket/8715 http://bugs.horde.org/view.php?actionID=view_file&type=patch&file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch&ticket=8715 http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h http://lists.horde.org/archives/announce/2009/000529.html http://marc.info/?l=horde-announce&m=126100750018478&w=2 http://marc.info/?l=horde-announce&m=126101076422179&w=2 http://securitytracker.com/id? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 3%CPEs: 79EXPL: 6CVE-2009-3701 – Horde 3.3.5 - '/Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3701
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el interfaz de administración en Horde Application Framework versiones anteriores a v3.3.6, Horde Groupware versiones anteriores a v1.2.5, y Horde Groupware Webmail Edition versiones anteriores a v1.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el PATH_INFO en (1) phpshell.php, (2) cmdshell.php, o (3) sqlshell.php en admin/, relacionado con la variable PHP_SELF. Horde version 3.3.5 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/33408 https://www.exploit-db.com/exploits/33407 https://www.exploit-db.com/exploits/10512 https://www.exploit-db.com/exploits/33406 http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h http://lists.horde.org/archives/announce/2009/000529.html http://marc.info/?l=horde-announce&m=126100750018478&w=2 http://marc.info/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •