Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-6640

Опубликовано: 05 апр. 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:horde:groupware:*:*:webamail:*:*:*:*:*
Версия до 4.0.8 (включая)
cpe:2.3:a:horde:groupware:4.0:*:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0:rc1:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0:rc2:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0.1:*:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0.2:*:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0.3:*:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0.4:*:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0.5:*:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0.6:*:webamail:*:*:*:*:*
cpe:2.3:a:horde:groupware:4.0.7:*:webamail:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:horde:imp:*:*:*:*:*:*:*:*
Версия до 5.0.21 (включая)
cpe:2.3:a:horde:imp:5.0:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.14:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.15:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.17:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.18:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.19:*:*:*:*:*:*:*
cpe:2.3:a:horde:imp:5.0.20:*:*:*:*:*:*:*

EPSS

Процентиль: 53%
0.00296
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2012-6640

ubuntu
почти 12 лет назад

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

debian логотип

CVE-2012-6640

debian
почти 12 лет назад

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Progra ...

github логотип

GHSA-rh3v-pr53-rxj5

github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

EPSS

Процентиль: 53%
0.00296
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79