Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-4946

Опубликовано: 14 июл. 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:horde:groupware:*:*:*:*:webmail:*:*:*
Версия до 5.1.4 (включая)
cpe:2.3:a:horde:groupware:5.0.0:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.0:rc1:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.1:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.2:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.3:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.4:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.5:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.0:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.0:rc1:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.1:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.2:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.3:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:internet_mail_program:*:*:*:*:*:*:*:*
Версия до 6.1.7 (включая)
cpe:2.3:a:horde:internet_mail_program:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:internet_mail_program:6.1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 64%
0.00475
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2014-4946

ubuntu
больше 11 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.

debian логотип

CVE-2014-4946

debian
больше 11 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...

github логотип

GHSA-ffjw-6mf8-2rj5

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.

EPSS

Процентиль: 64%
0.00475
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79