CVE-2001-0857

IMP Webmail < 2.2.6 - Cross-Site Scripting via Status Message Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0857. PoCs published by Joao Pedro Goncalves.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Horde IMP's status.php3. The crafted URL injects JavaScript to steal cookie-based authentication credentials by sending them to an attacker-controlled server.

Description

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Joao Pedro Goncalves · textremotelinux
https://www.exploit-db.com/exploits/21151

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Horde IMP's status.php3. The crafted URL injects JavaScript to steal cookie-based authentication credentials by sending them to an attacker-controlled server.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Horde IMP (version not specified)
No auth needed
Prerequisites: Victim must click a malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7496
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100535679608486&w=2
Vendor Advisory vendor-advisory x_refsource_caldera
http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100540578822469&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/668
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3525

Scores

EPSS 0.0349
EPSS Percentile 87.7%

Details

Status published
Products (1)
imp/webmail < 2.2.6
Published Dec 06, 2001
Tracked Since Feb 18, 2026