Описание
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life, was needed |
| devel | ignored | |
| edgy | ignored | end of life, was needed |
| feisty | ignored | end of life, was needed |
| gutsy | ignored | end of life, was needed |
| hardy | ignored | end of life, was needed |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life, was needed |
| upstream | ignored |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
5.4 Medium
CVSS3
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware ...
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.
EPSS
4.3 Medium
CVSS2
5.4 Medium
CVSS3