Debian Php-Horde-Imp vulnerabilities

5 known vulnerabilities affecting debian/php-horde-imp.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2025-30349 | HIGH | CVSS 7.2 | fixed in php-horde-imp 6.2.27-2+deb11u1 (bullseye) | 2025
CVE-2025-30349 [HIGH]: Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.
Scope: local; bookworm: open; bullseye: resolved (fixed in 6.2.27-2+deb11u1); sid: open
debian
CVE-2014-4946 | MEDIUM | CVSS 4.3 | fixed in php-horde-imp 6.2.0-1 (bookworm) | 2014
CVE-2014-4946 [MEDIUM]: Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.
Scope: local; bookworm: resolved (fixed in 6.2.0-1); bullseye: re
debian
CVE-2014-4945 | MEDIUM | CVSS 4.3 | fixed in php-horde-imp 6.2.0-1 (bookworm) | 2014
CVE-2014-4945 [MEDIUM]: Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.
Scope: local; bookworm: resolved (fixed in 6.2.0-1); bullseye: resolved
debian
CVE-2012-6640 | MEDIUM | CVSS 4.3 | fixed in php-horde-imp 5.0.22 (bookworm) | 2012
CVE-2012-6640 [MEDIUM]: Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.
Scope: local; bookworm: resolved (fixed in 5.0.22); bullseye: resolve
debian
CVE-2012-5565 | LOW | CVSS 4.3 | 2012
CVE-2012-5565 [MEDIUM]: Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.
Scope: local; bookworm: resolved; bullseye: resolved; sid: r
debian