Cross-Site Scripting Vulnerability in Horde IMP Webmail Client
CVE-2005-4080

Currently unrated

Key Information:

Vendor: Horde

CVE Published: 8 December 2005

What is CVE-2005-4080?

Horde IMP versions 4.0.4 and earlier are vulnerable to Cross-Site Scripting (XSS) because strings containing UTF-16 null characters are not adequately sanitized. Remote attackers can use UTF-16 encoded attachments to run malicious scripts. When such content is viewed in Internet Explorer, the browser's unique handling of these characters lets the payload execute without user consent, compromising the affected webmail client and its users.
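The sketch below is an added example, not Horde's code or its actual fix. It shows why a byte-level markup check misses UTF-16 text and how decoding and stripping NUL characters before the check closes the gap. It assumes the browser handling mentioned above amounts to skipping NUL bytes while parsing; the function names, patterns and sample attachments are constructed for illustration.

```python
import codecs
import re

# Byte-level pattern: only matches when the ASCII bytes are contiguous.
NAIVE = re.compile(rb"<\s*script|on\w+\s*=", re.I)
# Same idea on decoded text. A real mail client should pass the normalized
# text to an HTML sanitizer; this regex only stands in for that step.
ACTIVE = re.compile(r"<\s*(script|iframe|object|embed)\b|\bon\w+\s*=|javascript:", re.I)

def naive_is_clean(raw: bytes) -> bool:
    """Weak check: inspects raw bytes, so NULs between letters hide a tag."""
    return NAIVE.search(raw) is None

def to_text(raw: bytes, declared: str = "utf-8") -> str:
    """Decode attachment bytes, honouring a UTF-16 BOM over the declared
    charset, then drop every NUL so the filter sees what the browser sees."""
    if raw[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        text = raw.decode("utf-16", errors="replace")
    else:
        try:
            text = raw.decode(declared, errors="replace")
        except LookupError:  # unknown charset label on the MIME part
            text = raw.decode("latin-1")
    return text.replace("\x00", "")

def hardened_is_clean(raw: bytes, declared: str = "utf-8") -> bool:
    """Normalize first, then look for active content."""
    return ACTIVE.search(to_text(raw, declared)) is None

# Constructed sample attachments (not taken from the advisory).
MARKUP = "<script>/* constructed sample */</script>"
PLAIN = MARKUP.encode("ascii")
UTF16_NOBOM = MARKUP.encode("utf-16-le")        # "<\0s\0c\0r\0..."
UTF16_BOM = codecs.BOM_UTF16_LE + UTF16_NOBOM
BENIGN = "Meeting notes: budget < forecast".encode("utf-16-le")

if __name__ == "__main__":
    for name, raw, cs in [("plain", PLAIN, "utf-8"),
                          ("utf16 no BOM, mislabelled", UTF16_NOBOM, "utf-8"),
                          ("utf16 with BOM", UTF16_BOM, "utf-8"),
                          ("benign utf16", BENIGN, "utf-16le")]:
        print(f"{name}: naive_clean={naive_is_clean(raw)} "
              f"hardened_clean={hardened_is_clean(raw, cs)}")
```

The mislabelled case matters most: the part is declared as UTF-8, the bytes are valid UTF-8 because NUL is a legal code point, and only the NUL stripping exposes the tag to the filter.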
