CVE-2010-3693

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
References
Link Resource
http://bugs.horde.org/ticket/9240 Patch
http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h
http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h Patch
http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d Patch
http://lists.horde.org/archives/announce/2010/000561.html Patch
http://lists.horde.org/archives/announce/2010/000568.html Patch
http://openwall.com/lists/oss-security/2010/09/30/7 Exploit Patch
http://openwall.com/lists/oss-security/2010/09/30/8 Patch
http://openwall.com/lists/oss-security/2010/10/01/6 Patch
http://secunia.com/advisories/41639 Vendor Advisory
http://www.osvdb.org/68267
http://www.vupen.com/english/advisories/2010/2522 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62080
Configurations

Configuration 1

OR cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1:rc3:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1:rc4:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:1.2.5:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:horde:dynamic_imp:*:*:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.0:*:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:horde:dynamic_imp:1.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:19

Type Values Removed Values Added
References () http://bugs.horde.org/ticket/9240 - Patch () http://bugs.horde.org/ticket/9240 - Patch
References () http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h - () http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h -
References () http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h - Patch () http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h - Patch
References () http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d - Patch () http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d - Patch
References () http://lists.horde.org/archives/announce/2010/000561.html - Patch () http://lists.horde.org/archives/announce/2010/000561.html - Patch
References () http://lists.horde.org/archives/announce/2010/000568.html - Patch () http://lists.horde.org/archives/announce/2010/000568.html - Patch
References () http://openwall.com/lists/oss-security/2010/09/30/7 - Exploit, Patch () http://openwall.com/lists/oss-security/2010/09/30/7 - Exploit, Patch
References () http://openwall.com/lists/oss-security/2010/09/30/8 - Patch () http://openwall.com/lists/oss-security/2010/09/30/8 - Patch
References () http://openwall.com/lists/oss-security/2010/10/01/6 - Patch () http://openwall.com/lists/oss-security/2010/10/01/6 - Patch
References () http://secunia.com/advisories/41639 - Vendor Advisory () http://secunia.com/advisories/41639 - Vendor Advisory
References () http://www.osvdb.org/68267 - () http://www.osvdb.org/68267 -
References () http://www.vupen.com/english/advisories/2010/2522 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/2522 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/62080 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/62080 -

Information

Published : 2011-04-04 12:27

Updated : 2024-11-21 01:19


NVD link : CVE-2010-3693

Mitre link : CVE-2010-3693

CVE.ORG link : CVE-2010-3693



Products Affected

horde

  • dynamic_imp
  • groupware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')