CVE-2010-3695

Horde Imp < 4.3.7 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moritz Naumann · textwebappsphp

https://www.exploit-db.com/exploits/34773

View Code ZIP pw:eip

References (19)

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html

[Exploit, Patch] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584

[Various Sources] http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h

[Various Sources] http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h

[Patch] http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11

[Patch] http://lists.horde.org/archives/announce/2010/000558.html

[Various Sources] http://lists.horde.org/archives/announce/2010/000568.html

[Exploit, Patch] http://openwall.com/lists/oss-security/2010/09/30/7

[Exploit, Patch] http://openwall.com/lists/oss-security/2010/09/30/8

[Patch] http://openwall.com/lists/oss-security/2010/10/01/6

[Vendor Advisory] http://secunia.com/advisories/41627

[Vendor Advisory] http://secunia.com/advisories/43896

[Third Party Advisory] http://securityreason.com/securityalert/8170

[Exploit] http://www.securityfocus.com/bid/43515

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2513

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0769

[Exploit, Patch] https://bugzilla.redhat.com/show_bug.cgi?id=641069

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/513992/100/0/threaded

[Third Party Advisory] http://www.debian.org/security/2011/dsa-2204

Scores

EPSS 0.0117

EPSS Percentile 78.5%

Classification

CWE

CWE-79

Status published

Affected Products (50)

horde/imp < 4.3.7

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

horde/imp

... and 35 more

Timeline

Published Mar 31, 2011

Tracked Since Feb 18, 2026