CVSS: 4.3EPSS: 0%CPEs: 128EXPL: 0CVE-2012-0791
https://notcve.org/view.php?id=CVE-2012-0791
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. Múltiples vulnerbilidades de ejecución de secuencias de comandos web en sitios cruzados (XSS) en Horde IMP anterior a v5.0.18 y Horde Groupware Webmail Edition anterior a v4.0.6 permite a atacantes remotos inyectar código HTML o script web a través de los parámetros que componen la página (1) composeCache, (2) rtemode, o (3) filename_*;(4) parámetro formname para ventanas popup; o (5) nombres de buzón IMAP. NOTA: Algunos de estos detalles han sido obtenidos de terceras partes de información. • http://secunia.com/advisories/47580 http://secunia.com/advisories/47592 http://www.debian.org/security/2012/dsa-2485 http://www.horde.org/apps/imp/docs/CHANGES http://www.horde.org/apps/imp/docs/RELEASE_NOTES http://www.horde.org/apps/webmail/docs/CHANGES http://www.horde.org/apps/webmail/docs/RELEASE_NOTES http://www.openwall.com/lists/oss-security/2012/01/22/2 http://www.securityfocus.com/bid/51586 http://www.securitytracker.com/id?1026553 http://w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 1CVE-2010-3693
https://notcve.org/view.php?id=CVE-2010-3693
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Horde Dynamic IMP (DIMP) antes de v1.1.5, y Horde Groupware Webmail Edition antes de v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con nombres de buzón mostrar. • http://bugs.horde.org/ticket/9240 http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d http://lists.horde.org/archives/announce/2010/000561.html http://lists.horde.org/archives/ann • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •