CVE-2010-3695

Horde IMP < 4.3.8 & Groupware Webmail < 1.2.7 - XSS via Fetchmail fm_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3695. PoCs published by Moritz Naumann.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Horde IMP Webmail by injecting a JavaScript alert via the `fm_id` parameter in the URL. The lack of proper sanitization allows arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moritz Naumann · textwebappsphp

https://www.exploit-db.com/exploits/34773

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Horde IMP Webmail by injecting a JavaScript alert via the `fm_id` parameter in the URL. The lack of proper sanitization allows arbitrary script execution in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Horde IMP Webmail 4.3.7

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/43515

Various Sources mailing-list x_refsource_mlist

http://lists.horde.org/archives/announce/2010/000568.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2011/dsa-2204

Patch x_refsource_confirm

http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11

Patch mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2010/10/01/6

Various Sources x_refsource_confirm

http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/513992/100/0/threaded

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html

Patch mailing-list x_refsource_mlist

http://lists.horde.org/archives/announce/2010/000558.html

Various Sources x_refsource_confirm

http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0769

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8170

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41627

Exploit, Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=641069

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2513

Exploit, Patch x_refsource_confirm

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584

Exploit, Patch mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2010/09/30/8

Exploit, Patch mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2010/09/30/7

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43896

Scores

EPSS 0.0498

EPSS Percentile 91.1%

Details

CWE

CWE-79

Status published

Products (42)

horde/groupware 1.0 (3 CPE variants)

horde/groupware 1.0.1

horde/groupware 1.0.2

horde/groupware 1.0.3

horde/groupware 1.0.4

horde/groupware 1.0.5

horde/groupware 1.0.6

horde/groupware 1.0.7

horde/groupware 1.0.8

horde/groupware 1.1 (5 CPE variants)

... and 32 more

Published Mar 31, 2011

Tracked Since Feb 18, 2026