CVE-2006-4255
Published 2006-08-21
Priority: P4 · 14 · medium · 4.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.62% (73.1th percentile)
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
Affected
39 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | groupware | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | horde | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
| horde | imp | — | — |
GHSA
GHSA-q5ww-rhx4-prr5: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-1679 [MEDIUM] CWE-79 GHSA-q5ww-rhx4-prr5: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.
GHSA
GHSA-r49p-c6px-c2gm: Cross-site scripting (XSS) vulnerability in horde/imp/search
ghsa_unreviewed·2022-05-01
CVE-2006-4255 [MEDIUM] GHSA-r49p-c6px-c2gm: Cross-site scripting (XSS) vulnerability in horde/imp/search
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://lists.horde.org/archives/announce/2006/000294.html
- http://secunia.com/advisories/21533
- http://securityreason.com/securityalert/1423
- http://securitytracker.com/id?1016713
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457
- http://www.securityfocus.com/archive/1/443361/100/0/threaded
- http://www.securityfocus.com/bid/19544
- http://www.vupen.com/english/advisories/2006/3316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28409