CVE-2010-4778

Horde IMP <4.3.8 - Horde Groupware Webmail Edition <1.2.7 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information.

References (2)

Scores

EPSS 0.0026
EPSS Percentile 49.4%

Classification

CWE
CWE-79
Status published

Affected Products (50)

horde/imp < 4.3.7
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
horde/imp
... and 35 more

Timeline

Published Apr 04, 2011
Tracked Since Feb 18, 2026