CVE-2012-6640
Published 2014-04-05
CVE-2012-6640: Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows…
Priority: P419 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.83% (76.2th percentile)
Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php-horde-imp | < php-horde-imp 5.0.22 (bookworm) | php-horde-imp 5.0.22 (bookworm) |
| horde | groupware | <= 4.0.8 | — |
| horde | imp | <= 5.0.21 | — |
CVSS provenance
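| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |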
VulDB
Horde Groupware up to 4.0.8 cross site scripting
vuldb·2026-05-09·CVSS 4.3
CVE-2012-6640 [MEDIUM] Horde Groupware up to 4.0.8 cross site scripting
A vulnerability described as problematic has been identified in Horde Groupware up to 4.0.8. The impacted element is an unknown function. The manipulation results in cross site scripting.
This vulnerability is identified as CVE-2012-6640. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
GHSA
GHSA-rh3v-pr53-rxj5: Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2012-6640 [MEDIUM] CWE-79 GHSA-rh3v-pr53-rxj5: Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5
OSV
CVE-2012-6640: Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5
osv·2014-04-05·CVSS 4.3
CVE-2012-6640 [MEDIUM] CVE-2012-6640: Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5
Debian
CVE-2012-6640: php-horde-imp - Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) be...
vendor_debian·2012·CVSS 4.3
CVE-2012-6640 [MEDIUM] CVE-2012-6640: php-horde-imp - Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) be...
Scope: local
bookworm: resolved (fixed in 5.0.22)
bullseye: resolved (fixed in 5.0.22)
sid: resolved (fixed in 5.0.22)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.horde.org/archives/announce/2012/000775.html
http://lists.horde.org/archives/announce/2012/000840.html
https://github.com/horde/horde/commit/08c699f744b6d2be1a5f3a2ba7203f4631b4c5dc
Published: 2014-04-05