CVE-2007-1515
Horde IMP Webmail 4.0.4 Client - Multiple Input Validation Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde IMP H3 4.1.3 y, posiblemente, versiones anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cabecera del Subject de los email en el thread.php,(2) el parámetro edit_query del search.php u otros parámetros sin especificar en el search.php. NOTA: algunos de los detalles se obtienen a partir de la información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-03-15 First Exploit
- 2007-03-20 CVE Reserved
- 2007-03-20 CVE Published
- 2024-06-23 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/24541 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/462914/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/22975 | Vdb Entry | |
| http://www.securitytracker.com/id?1017774 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/0964 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/29742 | 2007-03-15 | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.horde.org/archives/announce/2007/000316.html | 2018-10-16 |
| URL | Date | SRC |
|---|