Cross-Site Scripting Vulnerabilities in Horde IMP by Horde
CVE-2009-0930

Currently unrated

Key Information:

Vendor: Debian
Status: Horde Imp
Vendor: CVE Published:; 17 March 2009

Summary

Horde IMP is susceptible to multiple Cross-Site Scripting (XSS) vulnerabilities that permit remote attackers to inject arbitrary web scripts or HTML into the application. This issue arises from insufficient input validation in several components, specifically 'smime.php', 'pgp.php', and 'message.php', potentially leading to unauthorized actions in the context of impacted users.

References

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

http://secunia.com/advisories/33719

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2009/dsa-1770

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Mar 17, 2009
Vulnerability Reserved
Mar 17, 2009