Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3695Cross-site Scripting in Groupware

CWE-79Cross-site Scripting7 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
1.2%
top 21.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Horde GroupwareHorde IMP
Timeline
PublishedMar 31
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDhorde/groupware1.2.6+22
NVDhorde/imp4.3.7+40

Patches

Patch: bugs.debian.orgPatch: git.horde.orgPatch: lists.horde.org

🔴Vulnerability Details

2
GHSA
GHSA-6vvf-h2fv-cp93: Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs2022-05-14
GHSA
GHSA-f4jp-cg66-wxqc: Cross-site scripting (XSS) vulnerability in fetchmailprefs2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection2010-09-27

💬Community

2
Bugzilla
CVE-2010-3695 imp: XSS flaw in fetchmail configuration [fedora-all]2010-10-07
Bugzilla
CVE-2010-3695 imp: XSS flaw in fetchmail configuration2010-10-07