CVE-2007-1679 — Cross-site Scripting in Groupware

CWE-79 — Cross-site Scripting CWE-190 — Integer Overflow or Wraparound6 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.5%

top 34.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Horde Groupware

Timeline

PublishedMar 26

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDhorde/groupware1.0

🔴Vulnerability Details

GHSA

GHSA-q5ww-rhx4-prr5: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1↗2022-05-01

▶

📋Vendor Advisories

Red Hat

python: imageop module multiple integer overflows↗2008-10-19

▶

Red Hat

python: imageop module integer overflows↗2008-03-29

▶

💬Community

Bugzilla

CVE-2008-4864 python: imageop module multiple integer overflows↗2008-11-03

▶

Bugzilla

CVE-2008-1679 python: imageop module integer overflows↗2008-04-07

▶