Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 prior to 4.1.3 allows remote malicious users to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
horde horde 3.0.4_rc1 |
||
horde horde 3.0.4_rc2 |
||
horde horde 3.0.6 |
||
horde imp 2.2 |
||
horde imp 2.2.1 |
||
horde imp 2.2.8 |
||
horde imp 2.3 |
||
horde imp 3.2.4 |
||
horde imp 3.2.5 |
||
horde horde 3.0.1 |
||
horde horde 3.0.2 |
||
horde horde 3.0.9 |
||
horde horde 3.1 |
||
horde horde 3.0 |
||
horde horde 3.0.7 |
||
horde horde 3.0.8 |
||
horde imp 2.2.2 |
||
horde imp 2.2.3 |
||
horde imp 3.0 |
||
horde imp 3.1 |
||
horde horde 3.0.3 |
||
horde horde 3.0.4 |
||
horde horde 3.1.1 |
||
horde imp 2.0 |
||
horde imp 2.2.6 |
||
horde imp 2.2.7 |
||
horde imp 3.2.1 |
||
horde imp 3.2.2 |
||
horde imp 3.2.3 |
||
horde imp 4.0.4 |
||
horde imp 2.2.4 |
||
horde imp 2.2.5 |
||
horde imp 3.1.2 |
||
horde imp 3.2 |
||
horde imp 4.0.2 |
||
horde imp 4.0.3 |
||
horde imp 4.0 |
||
horde imp 4.0.1 |
Vulmon