The IMHO Webmail module 0.97.3 and previous versions for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
imho imho webmail 0.96 |
||
imho imho webmail 0.96.1 |
||
imho imho webmail 0.98 |
||
imho imho webmail 0.98.2 |
||
imho imho webmail 0.98.3 |
||
imho imho webmail 0.96.2 |
||
imho imho webmail 0.97 |
||
imho imho webmail 0.96.3 |
||
imho imho webmail 0.97.1 |