Cross-site Scripting Vulnerability in Horde IMP and Horde Groupware Webmail Edition
CVE-2010-3695

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
31 March 2011

What is CVE-2010-3695?

An XSS vulnerability exists in fetchmailprefs.php within Horde IMP and Horde Groupware Webmail Edition. This flaw enables remote attackers to inject arbitrary web scripts or HTML through the fm_id parameter during a fetchmail_prefs_save action, impacting the security of the affected systems. Prompt updates to the latest versions can mitigate this vulnerability.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.