C3PO

1 exploit Active since Dec 2005
CVE-2005-4080 EXPLOITDB perl WORKING POC
Horde IMP <= 4.0.4 - Cross-Site Scripting via UTF16 Null Character Handling
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.