Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1515: Cross-site Scripting in IMP

3 documents, 3 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 1.2% (top 21.18%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Mar 20
Latest update: May 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: horde/imp 4.1.3

Patches

🔴 Vulnerability Details (1)

GHSA
GHSA-hwg6-5vfc-2jpw: Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4 (2022-05-01)

💥 Exploits & PoCs (1)

Exploit-DB
Horde IMP Webmail 4.0.4 Client - Multiple Input Validation Vulnerabilities (2007-03-15)