
Test ID: 1.3.6.1.4.1.25623.1.0.100826
Category: Web application abuses
Title: Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability
Summary: Horde IMP Webmail is prone to an HTML injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content.
Description:
Summary:
Horde IMP Webmail is prone to an HTML injection vulnerability
because it fails to sufficiently sanitize user-supplied data before it is used in dynamic
content.

Vulnerability Impact:
Attacker-supplied HTML or JavaScript code could run in the
context of the affected site, potentially allowing the attacker to steal cookie-based
authentication credentials and to control how the site is rendered to the user. Other attacks are
also possible.

Affected Software/OS:
Horde IMP 4.3.7 is affected. Other versions may also be
vulnerable.

Solution:
Updates are available. Please see the references for more
information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-3695
20100927 XSS in Horde IMP <=4.3.7, fetchmailprefs.php
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
http://www.securityfocus.com/archive/1/513992/100/0/threaded
41627
http://secunia.com/advisories/41627
43515
http://www.securityfocus.com/bid/43515
43896
http://secunia.com/advisories/43896
8170
http://securityreason.com/securityalert/8170
ADV-2010-2513
http://www.vupen.com/english/advisories/2010/2513
ADV-2011-0769
http://www.vupen.com/english/advisories/2011/0769
DSA-2204
http://www.debian.org/security/2011/dsa-2204
[announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final)
http://lists.horde.org/archives/announce/2010/000568.html
[announce] 20100928 IMP H3 (4.3.8) (final)
http://lists.horde.org/archives/announce/2010/000558.html
[oss-security] 20100930 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php
http://openwall.com/lists/oss-security/2010/09/30/7
http://openwall.com/lists/oss-security/2010/09/30/8
[oss-security] 20101001 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php
http://openwall.com/lists/oss-security/2010/10/01/6
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584
http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h
http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11
https://bugzilla.redhat.com/show_bug.cgi?id=641069
Common Vulnerability Exposure (CVE) ID: CVE-2010-4778
Copyright: Copyright (C) 2010 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.