Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3693

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

Published

2011-04-04T12:27:36.250

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	horde	groupware	≤ 1.2.6	Yes
Application	horde	groupware	1.0	Yes
Application	horde	groupware	1.0	Yes
Application	horde	groupware	1.0	Yes
Application	horde	groupware	1.0.1	Yes
Application	horde	groupware	1.0.2	Yes
Application	horde	groupware	1.0.3	Yes
Application	horde	groupware	1.0.4	Yes
Application	horde	groupware	1.0.5	Yes
Application	horde	groupware	1.0.6	Yes
Application	horde	groupware	1.0.7	Yes
Application	horde	groupware	1.0.8	Yes
Application	horde	groupware	1.1	Yes
Application	horde	groupware	1.1	Yes
Application	horde	groupware	1.1	Yes
Application	horde	groupware	1.1	Yes
Application	horde	groupware	1.1	Yes
Application	horde	groupware	1.1.1	Yes
Application	horde	groupware	1.1.2	Yes
Application	horde	groupware	1.1.3	Yes
Application	horde	groupware	1.1.4	Yes
Application	horde	groupware	1.1.5	Yes
Application	horde	groupware	1.1.6	Yes
Application	horde	groupware	1.2	Yes
Application	horde	groupware	1.2	Yes
Application	horde	groupware	1.2.1	Yes
Application	horde	groupware	1.2.2	Yes
Application	horde	groupware	1.2.3	Yes
Application	horde	groupware	1.2.3	Yes
Application	horde	groupware	1.2.4	Yes
Application	horde	groupware	1.2.5	Yes
Application	horde	dynamic_imp	≤ 1.1.4	Yes
Application	horde	dynamic_imp	1.0	Yes
Application	horde	dynamic_imp	1.0	Yes
Application	horde	dynamic_imp	1.0	Yes
Application	horde	dynamic_imp	1.0	Yes
Application	horde	dynamic_imp	1.0	Yes
Application	horde	dynamic_imp	1.1	Yes
Application	horde	dynamic_imp	1.1	Yes
Application	horde	dynamic_imp	1.1	Yes
Application	horde	dynamic_imp	1.1.1	Yes
Application	horde	dynamic_imp	1.1.2	Yes
Application	horde	dynamic_imp	1.1.3	Yes

References

http://bugs.horde.org/ticket/9240 Patch ([email protected])
http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h ([email protected])
http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h Patch ([email protected])
http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d Patch ([email protected])
http://lists.horde.org/archives/announce/2010/000561.html Patch ([email protected])
http://lists.horde.org/archives/announce/2010/000568.html Patch ([email protected])
http://openwall.com/lists/oss-security/2010/09/30/7 Exploit, Patch ([email protected])
http://openwall.com/lists/oss-security/2010/09/30/8 Patch ([email protected])
http://openwall.com/lists/oss-security/2010/10/01/6 Patch ([email protected])
http://secunia.com/advisories/41639 Vendor Advisory ([email protected])
http://www.osvdb.org/68267 ([email protected])
http://www.vupen.com/english/advisories/2010/2522 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/62080 ([email protected])
http://bugs.horde.org/ticket/9240 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h (af854a3a-2127-422b-91ae-364da2661108)
http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h Patch (af854a3a-2127-422b-91ae-364da2661108)
http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.horde.org/archives/announce/2010/000561.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.horde.org/archives/announce/2010/000568.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/09/30/7 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/09/30/8 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/10/01/6 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/41639 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/68267 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2522 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62080 (af854a3a-2127-422b-91ae-364da2661108)