QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6640

Published: Apr 5, 2014

Modified: Sep 16, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[announce] 20120626 IMP H4 (5.0.22) (final)

mailing-list

x_refsource_MLIST

https://github.com/horde/horde/commit/08c699f744b6d2be1a5f3a2ba7203f4631b4c5dc

x_refsource_CONFIRM

[announce] 20121114 Horde Groupware Webmail Edition 4.0.9 (final)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.