CVE-2008-3823
published 2008-09-12CVE-2008-3823: Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.98%
85.6th percentile
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | horde | — | — |
| horde | horde | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
horde: XSS via filename of MIME attachments (oCERT-2008-012)
vendor_redhat·CVSS 4.3
CVE-2008-3823 [MEDIUM] horde: XSS via filename of MIME attachments (oCERT-2008-012)
horde: XSS via filename of MIME attachments (oCERT-2008-012)
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
GHSA
GHSA-2rw3-m7rg-9xch: Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents
ghsa_unreviewed·2022-05-02
CVE-2008-3823 [MEDIUM] CWE-79 GHSA-2rw3-m7rg-9xch: Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
No detection rules found.
Bugzilla
CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
bugzilla·2008-09-11·CVSS 4.3
CVE-2008-3823 [MEDIUM] CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
oCERT reported an XSS vulnerability discovered by Alexios Fakos affecting horde:
Horde framework fails to properly sanitize the filename of MIME attachments
on received emails.
According to oCERT, this affects 3.2.x versions of Horde.
References:
http://www.ocert.org/advisories/ocert-2008-012.html
Patch:
http://ocert.org/patches/2008-012/MIME.patch
Discussion:
Advisory from the reporter:
http://marc.info/?l=full-disclosure&m=122113948918864&w=4
---
Horde Application Framework version 3.2.2 announced on September 10th 2008 fixed this:
The Horde Team is pleased to announce the final release of the Horde
Application Framework version 3.2.2.
This is a security release that fixes unescaped output in the MIME l
Bugzilla
CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
bugzilla·2008-09-11·CVSS 4.3
CVE-2008-3824 [MEDIUM] CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
oCERT reported an XSS vulnerability discovered by Alexios Fakos affecting horde:
Horde relies on code similar to Popoon's externalinput.php to filter out
potential XSS attacks on user-supplied input. This filter, and the original,
fail to fully sanitize user data. In particular, this filter fails to protect
against '/'s acting as spaces in both Microsoft Internet Explorer and Mozilla
Firefox.
For example, the following snippet, supplied by the reporter, is treated as
valid by the browsers but safe by the filter:
According to oCERT, this affects 3.1.x and 3.2.x versions of Horde, possibly others.
References:
http://www.ocert.org/advisories/ocert-2008-012.html
Patch:
http://ocert.org/patches/2008-012/Text_Filter.pat
http://marc.info/?l=horde-announce&m=122104360019867&w=2http://ocert.org/patches/2008-012/MIME.patchhttp://secunia.com/advisories/31842http://secunia.com/advisories/31959http://securityreason.com/securityalert/4245http://www.debian.org/security/2008/dsa-1642http://www.ocert.org/advisories/ocert-2008-012.htmlhttp://www.openwall.com/lists/oss-security/2008/09/10/1http://www.securityfocus.com/archive/1/496182/100/0/threadedhttp://www.securityfocus.com/bid/31110http://www.vupen.com/english/advisories/2008/2548https://exchange.xforce.ibmcloud.com/vulnerabilities/45030http://marc.info/?l=horde-announce&m=122104360019867&w=2http://ocert.org/patches/2008-012/MIME.patchhttp://secunia.com/advisories/31842http://secunia.com/advisories/31959http://securityreason.com/securityalert/4245http://www.debian.org/security/2008/dsa-1642http://www.ocert.org/advisories/ocert-2008-012.htmlhttp://www.openwall.com/lists/oss-security/2008/09/10/1http://www.securityfocus.com/archive/1/496182/100/0/threadedhttp://www.securityfocus.com/bid/31110http://www.vupen.com/english/advisories/2008/2548https://exchange.xforce.ibmcloud.com/vulnerabilities/45030
2008-09-12
Published