QwikSec

Security Database

CVE

CWE

Training

CVE-2014-4945

Published: Jul 14, 2014

Modified: Sep 17, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

[announce] 20140707 [SECURITY] Horde Groupware Webmail Edition 5.1.5 (final)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES

x_refsource_CONFIRM

https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES

x_refsource_CONFIRM

[announce] 20140707 [SECURITY] IMP 6.1.8 (final)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.