Description
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
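To make the class of bug concrete, here is an added PHP example. It is not Horde's code, not the fix linked under References, and not the exploit-db entry below: it is a minimal preference-save handler that writes the fm_id parameter back into the page unencoded, beside a hardened version. The parameter names fm_id and actionID follow the description above; the function names, the notice markup, the payload and the assumption that a fetchmail account id is a small non-negative integer are illustrative.

```php
<?php
// Added illustration, not Horde's code: a minimal handler that shows the
// class of bug described in the CVE text (a request parameter echoed into
// HTML without output encoding) next to a hardened version. Only the
// parameter names fm_id / actionID come from the advisory; the function
// names, markup and integer-id assumption are made up for this example.

declare(strict_types=1);

// Vulnerable pattern: the raw parameter is concatenated into the response.
// Whatever the client sends becomes markup in the victim's browser.
function render_notice_vulnerable(array $request): string
{
    $fmId = $request['fm_id'] ?? '';
    return '<div class="notice">Saved fetchmail account ' . $fmId . '</div>';
}

// Hardened pattern: encode for the HTML body/attribute context at the point
// of output. ENT_QUOTES also encodes single quotes, so the same helper is
// safe inside single-quoted attributes; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string, which would silently blank
// the notice on malformed input.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_notice_fixed(array $request): string
{
    $fmId = $request['fm_id'] ?? '';
    return '<div class="notice">Saved fetchmail account ' . h($fmId) . '</div>';
}

// Defence in depth: an identifier should also be validated before it is
// used at all. Assumption for this example: account ids are short decimal
// integers, so anything else is rejected before reaching the template.
function valid_fm_id(string $fmId): bool
{
    return $fmId !== '' && ctype_digit($fmId) && strlen($fmId) <= 10;
}

// Constructed request, standing in for $_GET/$_POST. The payload is a
// generic XSS probe written for this example, not taken from the PoC.
$request = [
    'actionID' => 'fetchmail_prefs_save',
    'fm_id'    => '"><script>alert(document.cookie)</script>',
];

echo render_notice_vulnerable($request), PHP_EOL;
echo render_notice_fixed($request), PHP_EOL;

if (!valid_fm_id((string) $request['fm_id'])) {
    echo 'rejected: fm_id is not a numeric account id', PHP_EOL;
}
```

Run it with `php example.php`: the first line of output contains a live `<script>` element, the second contains only entity-encoded text, and the validator rejects the value outright. Note that htmlspecialchars is the right tool only for HTML body and attribute context; a value placed inside a JavaScript block or a URL needs the encoding for that context instead, and the validation step is what keeps a non-numeric id from ever reaching any of them.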
Exploits (1)
exploit-db (working PoC, verified), by Moritz Naumann; tags: text, webapps, php
https://www.exploit-db.com/exploits/34773
References (19)
Exploit (vdb-entry, bid): http://www.securityfocus.com/bid/43515
Various Sources (mailing-list, mlist): http://lists.horde.org/archives/announce/2010/000568.html
Third Party Advisory (vendor-advisory, debian): http://www.debian.org/security/2011/dsa-2204
Patch (confirm): http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11
Patch (mailing-list, mlist): http://openwall.com/lists/oss-security/2010/10/01/6
Various Sources (confirm): http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h
Third Party Advisory, VDB Entry (mailing-list, bugtraq): http://www.securityfocus.com/archive/1/513992/100/0/threaded
Exploit (mailing-list, fulldisc): http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
Patch (mailing-list, mlist): http://lists.horde.org/archives/announce/2010/000558.html
Various Sources (confirm): http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
Vendor Advisory (vdb-entry, vupen): http://www.vupen.com/english/advisories/2011/0769
Third Party Advisory (third-party-advisory, sreason): http://securityreason.com/securityalert/8170
Vendor Advisory (third-party-advisory, secunia): http://secunia.com/advisories/41627
Exploit, Patch (confirm): https://bugzilla.redhat.com/show_bug.cgi?id=641069
Vendor Advisory (vdb-entry, vupen): http://www.vupen.com/english/advisories/2010/2513
Exploit, Patch (confirm): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584
Exploit, Patch (mailing-list, mlist): http://openwall.com/lists/oss-security/2010/09/30/8
Exploit, Patch (mailing-list, mlist): http://openwall.com/lists/oss-security/2010/09/30/7
Vendor Advisory (third-party-advisory, secunia): http://secunia.com/advisories/43896
Scores
EPSS: 0.0117 (an estimated 1.17% probability of exploitation activity in the wild within the next 30 days)
EPSS Percentile: 78.8% (scored higher than about 79% of all CVEs)
Details
CWE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Status
published
Products (42)
horde/groupware
1.0 (3 CPE variants)
horde/groupware
1.0.1
horde/groupware
1.0.2
horde/groupware
1.0.3
horde/groupware
1.0.4
horde/groupware
1.0.5
horde/groupware
1.0.6
horde/groupware
1.0.7
horde/groupware
1.0.8
horde/groupware
1.1 (5 CPE variants)
... and 32 more
Published
Mar 31, 2011
Tracked Since
Feb 18, 2026