Описание
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-3695
- https://bugzilla.redhat.com/show_bug.cgi?id=641069
- http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584
- http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h
- http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
- http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11
- http://lists.horde.org/archives/announce/2010/000558.html
- http://lists.horde.org/archives/announce/2010/000568.html
- http://openwall.com/lists/oss-security/2010/09/30/7
- http://openwall.com/lists/oss-security/2010/09/30/8
- http://openwall.com/lists/oss-security/2010/10/01/6
- http://secunia.com/advisories/41627
- http://secunia.com/advisories/43896
- http://securityreason.com/securityalert/8170
- http://www.debian.org/security/2011/dsa-2204
- http://www.securityfocus.com/archive/1/513992/100/0/threaded
- http://www.securityfocus.com/bid/43515
- http://www.vupen.com/english/advisories/2010/2513
- http://www.vupen.com/english/advisories/2011/0769
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Hord ...