QwikSec

Security Database

CVE

CWE

Training

CVE-2012-5565

Published: Apr 5, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2012:1626

vendor-advisory

x_refsource_SUSE

[announce] 20121114 IMP H4 (5.0.24) (final)

mailing-list

x_refsource_MLIST

https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2

x_refsource_CONFIRM

[oss-security] 20121123 Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.

mailing-list

x_refsource_MLIST

[announce] 20121114 Horde Groupware Webmail Edition 4.0.9 (final)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.