Cross-Site Scripting Vulnerability in Horde Internet Mail Program and Groupware Webmail Edition
CVE-2012-5565

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
5 April 2014

What is CVE-2012-5565?

A cross-site scripting vulnerability exists in the js/compose-dimp.js file of the Horde Internet Mail Program (IMP) prior to version 5.0.24. This flaw allows remote attackers to inject arbitrary web scripts or HTML through specially crafted filenames for attached files. It is related to the dynamic view used in the Horde Groupware Webmail Edition prior to version 4.0.9, potentially compromising the security of users and enabling unauthorized actions.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.