CVE-2008-3823

Horde 3.2.x - Cross-Site Scripting via MIME Attachment Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3823. PoCs published by Alexios Fakos.

AI-analyzed exploit summary This is a simple XSS proof-of-concept for CVE-2008-3823, demonstrating arbitrary JavaScript execution in the Horde Framework due to insufficient input sanitization. The PoC uses a basic alert payload to confirm vulnerability.

Description

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexios Fakos · textwebappsphp

https://www.exploit-db.com/exploits/32354

View Code ZIP pw:eip

This is a simple XSS proof-of-concept for CVE-2008-3823, demonstrating arbitrary JavaScript execution in the Horde Framework due to insufficient input sanitization. The PoC uses a basic alert payload to confirm vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Horde Framework 3.2 through 3.2.1

No auth needed

Prerequisites: Victim must visit a crafted URL or page containing the malicious payload

MITRE ATT&CK