Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for dynamic_imp by horde

    CVE-2012-0791 (GCVE-0-2012-0791)

    Vulnerability from nvd – Published: 2012-01-24 18:00 – Updated: 2024-08-06 18:38
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.horde.org/apps/webmail/docs/CHANGES x_refsource_CONFIRM
    http://www.debian.org/security/2012/dsa-2485 vendor-advisoryx_refsource_DEBIAN
    http://www.horde.org/apps/webmail/docs/RELEASE_NOTES x_refsource_CONFIRM
    http://www.securitytracker.com/id?1026553 vdb-entryx_refsource_SECTRACK
    http://www.horde.org/apps/imp/docs/RELEASE_NOTES x_refsource_CONFIRM
    http://www.securityfocus.com/bid/51586 vdb-entryx_refsource_BID
    http://secunia.com/advisories/47580 third-party-advisoryx_refsource_SECUNIA
    http://www.horde.org/apps/imp/docs/CHANGES x_refsource_CONFIRM
    http://www.securitytracker.com/id?1026554 vdb-entryx_refsource_SECTRACK
    http://www.openwall.com/lists/oss-security/2012/01/22/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47592 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:38:14.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
              },
              {
                "name": "DSA-2485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2485"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
              },
              {
                "name": "1026553",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026553"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
              },
              {
                "name": "51586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51586"
              },
              {
                "name": "47580",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47580"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/imp/docs/CHANGES"
              },
              {
                "name": "1026554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026554"
              },
              {
                "name": "[oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
              },
              {
                "name": "47592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47592"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-17T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
            },
            {
              "name": "DSA-2485",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2485"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
            },
            {
              "name": "1026553",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026553"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
            },
            {
              "name": "51586",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51586"
            },
            {
              "name": "47580",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47580"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/imp/docs/CHANGES"
            },
            {
              "name": "1026554",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026554"
            },
            {
              "name": "[oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
            },
            {
              "name": "47592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47592"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-0791",
        "datePublished": "2012-01-24T18:00:00.000Z",
        "dateReserved": "2012-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:38:14.284Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3693 (GCVE-0-2010-3693)

    Vulnerability from nvd – Published: 2011-04-01 21:00 – Updated: 2024-08-07 03:18
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:18:52.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2010/000568.html"
              },
              {
                "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.horde.org/ticket/9240"
              },
              {
                "name": "ADV-2010-2522",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2522"
              },
              {
                "name": "dynamicimp-mailbox-xss(62080)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
              },
              {
                "name": "68267",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/68267"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
              },
              {
                "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2010/000561.html"
              },
              {
                "name": "41639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41639"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
              },
              {
                "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
              },
              {
                "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2010/000568.html"
            },
            {
              "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.horde.org/ticket/9240"
            },
            {
              "name": "ADV-2010-2522",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2522"
            },
            {
              "name": "dynamicimp-mailbox-xss(62080)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
            },
            {
              "name": "68267",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/68267"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
            },
            {
              "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2010/000561.html"
            },
            {
              "name": "41639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41639"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
            },
            {
              "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
            },
            {
              "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2010-3693",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2010/000568.html"
                },
                {
                  "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
                },
                {
                  "name": "http://bugs.horde.org/ticket/9240",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.horde.org/ticket/9240"
                },
                {
                  "name": "ADV-2010-2522",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2522"
                },
                {
                  "name": "dynamicimp-mailbox-xss(62080)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
                },
                {
                  "name": "68267",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/68267"
                },
                {
                  "name": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d",
                  "refsource": "CONFIRM",
                  "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
                },
                {
                  "name": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
                },
                {
                  "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2010/000561.html"
                },
                {
                  "name": "41639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41639"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
                },
                {
                  "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
                },
                {
                  "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-3693",
        "datePublished": "2011-04-01T21:00:00.000Z",
        "dateReserved": "2010-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:18:52.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0791 (GCVE-0-2012-0791)

    Vulnerability from cvelistv5 – Published: 2012-01-24 18:00 – Updated: 2024-08-06 18:38
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.horde.org/apps/webmail/docs/CHANGES x_refsource_CONFIRM
    http://www.debian.org/security/2012/dsa-2485 vendor-advisoryx_refsource_DEBIAN
    http://www.horde.org/apps/webmail/docs/RELEASE_NOTES x_refsource_CONFIRM
    http://www.securitytracker.com/id?1026553 vdb-entryx_refsource_SECTRACK
    http://www.horde.org/apps/imp/docs/RELEASE_NOTES x_refsource_CONFIRM
    http://www.securityfocus.com/bid/51586 vdb-entryx_refsource_BID
    http://secunia.com/advisories/47580 third-party-advisoryx_refsource_SECUNIA
    http://www.horde.org/apps/imp/docs/CHANGES x_refsource_CONFIRM
    http://www.securitytracker.com/id?1026554 vdb-entryx_refsource_SECTRACK
    http://www.openwall.com/lists/oss-security/2012/01/22/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/47592 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:38:14.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
              },
              {
                "name": "DSA-2485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2485"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
              },
              {
                "name": "1026553",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026553"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
              },
              {
                "name": "51586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/51586"
              },
              {
                "name": "47580",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47580"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.horde.org/apps/imp/docs/CHANGES"
              },
              {
                "name": "1026554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026554"
              },
              {
                "name": "[oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
              },
              {
                "name": "47592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47592"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-17T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/webmail/docs/CHANGES"
            },
            {
              "name": "DSA-2485",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2485"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/webmail/docs/RELEASE_NOTES"
            },
            {
              "name": "1026553",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026553"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/imp/docs/RELEASE_NOTES"
            },
            {
              "name": "51586",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/51586"
            },
            {
              "name": "47580",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47580"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.horde.org/apps/imp/docs/CHANGES"
            },
            {
              "name": "1026554",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026554"
            },
            {
              "name": "[oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/01/22/2"
            },
            {
              "name": "47592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47592"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-0791",
        "datePublished": "2012-01-24T18:00:00.000Z",
        "dateReserved": "2012-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:38:14.284Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3693 (GCVE-0-2010-3693)

    Vulnerability from cvelistv5 – Published: 2011-04-01 21:00 – Updated: 2024-08-07 03:18
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:18:52.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2010/000568.html"
              },
              {
                "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.horde.org/ticket/9240"
              },
              {
                "name": "ADV-2010-2522",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2522"
              },
              {
                "name": "dynamicimp-mailbox-xss(62080)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
              },
              {
                "name": "68267",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/68267"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
              },
              {
                "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.horde.org/archives/announce/2010/000561.html"
              },
              {
                "name": "41639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41639"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
              },
              {
                "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
              },
              {
                "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2010/000568.html"
            },
            {
              "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.horde.org/ticket/9240"
            },
            {
              "name": "ADV-2010-2522",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2522"
            },
            {
              "name": "dynamicimp-mailbox-xss(62080)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
            },
            {
              "name": "68267",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/68267"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
            },
            {
              "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.horde.org/archives/announce/2010/000561.html"
            },
            {
              "name": "41639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41639"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
            },
            {
              "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
            },
            {
              "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2010-3693",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2010/000568.html"
                },
                {
                  "name": "[oss-security] 20101001 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2010/10/01/6"
                },
                {
                  "name": "http://bugs.horde.org/ticket/9240",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.horde.org/ticket/9240"
                },
                {
                  "name": "ADV-2010-2522",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2522"
                },
                {
                  "name": "dynamicimp-mailbox-xss(62080)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62080"
                },
                {
                  "name": "68267",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/68267"
                },
                {
                  "name": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d",
                  "refsource": "CONFIRM",
                  "url": "http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git\u0026r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb\u0026r2=48913cf3af81875d6e5c6f32e030c5913f22f25d"
                },
                {
                  "name": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde\u0026r1=1.35.2.11\u0026r2=1.35.2.13\u0026ty=h"
                },
                {
                  "name": "[announce] 20100928 DIMP H3 (1.1.5) (final)",
                  "refsource": "MLIST",
                  "url": "http://lists.horde.org/archives/announce/2010/000561.html"
                },
                {
                  "name": "41639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41639"
                },
                {
                  "name": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde\u0026r1=1.69.2.82\u0026r2=1.69.2.87\u0026ty=h"
                },
                {
                  "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2010/09/30/8"
                },
                {
                  "name": "[oss-security] 20100930 Re: CVE request: Horde Gollem \u003c1.1.2 XSS in view.php",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2010/09/30/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-3693",
        "datePublished": "2011-04-01T21:00:00.000Z",
        "dateReserved": "2010-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:18:52.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }