CVE-2004-0584Cross-site Scripting in IMP

2 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
1.1%
top 22.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Horde IMP
Timeline
PublishedAug 6
Latest updateApr 29

Description

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDhorde/imp18 versions+17

Patches

Patch: secunia.comPatch: www.gentoo.orgPatch: www.horde.org

🔴Vulnerability Details

1
GHSA
GHSA-c56g-5w2w-p8r7: Unknown vulnerability in Horde IMP 32022-04-29