CVE-2012-0791
published 2012-01-24


Priority P274 · medium 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 2.44% (82.2th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.

Affected

107 ranges · showing 25
Vendor | Product | Version range | Fixed in
horde | dynamic_imp | <= 5.0.17 |

Detection & IOCs (extracted from sources)

url: https://github.com/horde/horde/commit/41136ea893b3d5a84c6228a552f8e211c90f58de
url: https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25
  • Monitor HTTP requests to the Horde IMP compose page for unsanitized input in the 'composeCache', 'rtemode', or 'filename_*' parameters, which are XSS injection points.
  • Monitor HTTP requests to the Horde IMP contacts popup window for unsanitized input in the 'formname' parameter, which is an XSS injection point.
  • Monitor for XSS payloads delivered via IMAP mailbox names in Horde IMP, as certain IMAP mailbox names are not sanitized before rendering.
  • The XSS vulnerabilities affect the traditional (non-AJAX) compose view; focus detection efforts on that rendering path.
  • CVE-2012-0791 covers XSS in the compose page, contacts popup, and IMAP mailbox names (fixed in Horde IMP v5.0.18 / Webmail 4.0.6). CVE-2012-0909 is a separate, related XSS in email validation via the Form library, only affecting Webmail 4.0.6; do not conflate the two.
  • The upstream patch for multiple XSS flaws (commit 41136ea) requires backporting for Horde IMP v4 (e.g., imp-4.3.9); the email-validation patch (commit 208eae4) does not apply to the v4 branch shipped in Fedora/EPEL.

CVSS provenance

nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck · 4.3 MEDIUM