CVE-2010-3693 — Cross-site Scripting in Dynamic IMP

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 28.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Horde Dynamic IMP Horde Groupware

Timeline

PublishedApr 4

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDhorde/groupware1.2.6+22

▶NVDhorde/dynamic_imp1.1.4+5

Patches

Patch: bugs.horde.org ↗Patch: git.horde.org ↗Patch: git.horde.org ↗

🔴Vulnerability Details

GHSA

GHSA-rhqp-4h92-3mxh: Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Persits XUpload - ActiveX MakeHttpRequest Directory Traversal (Metasploit)↗2010-11-11

▶