Published: 08/12/2005 Updated: 19/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Horde IMP 4.0.4 and previous versions does not sanitize strings containing UTF16 null characters, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
horde imp 2.0
horde imp 2.2
horde imp 2.2.7
horde imp 2.2.8
horde imp 3.2.2
horde imp 3.2.3
horde imp 2.2.3
horde imp 2.2.4
horde imp 3.1
horde imp 3.1.2
horde imp 4.0
horde imp 4.0.1
horde imp 2.2.5
horde imp 2.2.6
horde imp 3.2
horde imp 3.2.1
horde imp 4.0.2
horde imp 4.0.3
horde imp 4.0.4
horde imp 2.2.1
horde imp 2.2.2
horde imp 2.3
horde imp 3.0
horde imp 3.2.4
horde imp 3.2.5

source: wwwsecurityfocuscom/bid/15730/info Horde IMP is prone to an HTML injection vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be executed in the context of the affected Web site, po ...

NVD-CWE-Other http://www.securityfocus.com/bid/15730/http://securitytracker.com/id?1015315 http://secunia.com/advisories/17910 http://securityreason.com/securityalert/232 http://www.vupen.com/english/advisories/2005/2773 https://exchange.xforce.ibmcloud.com/vulnerabilities/23465 http://www.securityfocus.com/archive/1/418734/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/26741/

CVE-2005-4080

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect