Description
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by SEC Consult · perlremotelinux
https://www.exploit-db.com/exploits/26741
References (7)
Scores
EPSS
0.0129
EPSS Percentile
79.7%
Details
Status
published
Products (25)
horde/imp
2.0
horde/imp
2.2
horde/imp
2.2.1
horde/imp
2.2.2
horde/imp
2.2.3
horde/imp
2.2.4
horde/imp
2.2.5
horde/imp
2.2.6
horde/imp
2.2.7
horde/imp
2.2.8
... and 15 more
Published
Dec 08, 2005
Tracked Since
Feb 18, 2026