VulDB: Horde IMP up to 5.0.20 cross site scripting
General

scipID: 5395
Affected: Horde IMP up to 5.0.20
Published: 05/09/2012
Risk: problematic
Entry: 81.9% complete
Created: 05/15/2012
Updated: 06/06/2012
Summary
A vulnerability classified as problematic was found in Horde IMP up to 5.0.20. An unknown function is affected. Manipulation with an unknown input leads to a cross site scripting vulnerability. The impact is known to affect confidentiality, integrity, and availability.
The weakness was published 05/09/2012 as a knowledge base article (Website). The advisory is shared for download at lists.horde.org. Exploitability is reported to be easy. The attack can be launched remotely. Exploitation does not require any form of authentication. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 5.0.21 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (81786) and Secunia (SA49042).
CVSS
Base Score: 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Cross site scripting
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: IMP 5.0.21
Timeline
05/09/2012 | Advisory disclosed
05/09/2012 | Countermeasure disclosed
05/09/2012 | OSVDB entry created
05/15/2012 | VulDB entry created
06/06/2012 | VulDB entry updated
Sources
Advisory: lists.horde.org