CVE-2012-0791
published 2012-01-24CVE-2012-0791: Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to…
PriorityP274medium4.3CVSS 2.0
AVNACMAuNCNIPAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
2.44%
82.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
Affected
107 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | dynamic_imp | <= 5.0.17 | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
| horde | dynamic_imp | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to the Horde IMP compose page for unsanitized input in the 'composeCache', 'rtemode', or 'filename_*' parameters, which are XSS injection points. ↗
- →Monitor HTTP requests to the Horde IMP contacts popup window for unsanitized input in the 'formname' parameter, which is an XSS injection point. ↗
- →Monitor for XSS payloads delivered via IMAP mailbox names in Horde IMP, as certain IMAP mailbox names are not sanitized before rendering. ↗
- →The XSS vulnerabilities affect the traditional (non-AJAX) compose view; focus detection efforts on that rendering path. ↗
- ·CVE-2012-0791 covers XSS in the compose page, contacts popup, and IMAP mailbox names (fixed in Horde IMP v5.0.18 / Webmail 4.0.6). CVE-2012-0909 is a separate, related XSS in email validation via the Form library, only affecting Webmail 4.0.6 — do not conflate the two. ↗
- ·The upstream patch for multiple XSS flaws (commit 41136ea) requires backporting for Horde IMP v4 (e.g., imp-4.3.9); the email-validation patch (commit 208eae4) does not apply to the v4 branch shipped in Fedora/EPEL. ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2j7j-jvr9-h35r: Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5
ghsa_unreviewed·2022-05-14
CVE-2012-0791 [MEDIUM] CWE-79 GHSA-2j7j-jvr9-h35r: Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
VulnCheck
horde dynamic_imp Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2012·CVSS 4.3
CVE-2012-0791 [MEDIUM] horde dynamic_imp Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
horde dynamic_imp Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
Affected: horde dynamic_imp
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/v
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [epel-5]
bugzilla·2012-01-21·CVSS 4.3
CVE-2012-0791 [MEDIUM] CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [epel-5]
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=securi
Bugzilla
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18
bugzilla·2012-01-21·CVSS 4.3
CVE-2012-0791 [MEDIUM] CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18
Multiple XSS flaws were adressed in the v5.0.18 version of Horde IMP (from [1]):
"[mms] SECURITY: Fix XSS vulnerabilities on the compose page (traditional
view), the contacts popup window, and with certain IMAP mailbox names."
References:
[1] http://www.horde.org/apps/imp/docs/CHANGES
[2] http://www.horde.org/apps/imp/docs/RELEASE_NOTES
[3] http://secunia.com/advisories/47580
[4] https://bugs.gentoo.org/show_bug.cgi?id=399563
Upstream patches:
[5] https://github.com/horde/horde/commit/41136ea893b3d5a84c6228a552f8e211c90f58de
(multiple XSS flaws)
[6] https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25
(XSS in email validation)
Discussion:
CVE Request:
[7] http://www.openwall.com/lists/oss-s
Bugzilla
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [fedora-all]
bugzilla·2012-01-21·CVSS 4.3
CVE-2012-0791 [MEDIUM] CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [fedora-all]
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=se
Bugzilla
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [epel-6]
bugzilla·2012-01-21·CVSS 4.3
CVE-2012-0791 [MEDIUM] CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [epel-6]
CVE-2012-0791 CVE-2012-0909 imp: Multiple XSS flaws fixed in v5.0.18 [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=securi
http://secunia.com/advisories/47580http://secunia.com/advisories/47592http://www.debian.org/security/2012/dsa-2485http://www.horde.org/apps/imp/docs/CHANGEShttp://www.horde.org/apps/imp/docs/RELEASE_NOTEShttp://www.horde.org/apps/webmail/docs/CHANGEShttp://www.horde.org/apps/webmail/docs/RELEASE_NOTEShttp://www.openwall.com/lists/oss-security/2012/01/22/2http://www.securityfocus.com/bid/51586http://www.securitytracker.com/id?1026553http://www.securitytracker.com/id?1026554http://secunia.com/advisories/47580http://secunia.com/advisories/47592http://www.debian.org/security/2012/dsa-2485http://www.horde.org/apps/imp/docs/CHANGEShttp://www.horde.org/apps/imp/docs/RELEASE_NOTEShttp://www.horde.org/apps/webmail/docs/CHANGEShttp://www.horde.org/apps/webmail/docs/RELEASE_NOTEShttp://www.openwall.com/lists/oss-security/2012/01/22/2http://www.securityfocus.com/bid/51586http://www.securitytracker.com/id?1026553http://www.securitytracker.com/id?1026554
2012-01-24
Published
Exploited in the wild