Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) prior to 5.0.24, as used in Horde Groupware Webmail Edition prior to 4.0.9, allows remote malicious users to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
horde imp 5.0.12 |
||
horde imp 5.0.10 |
||
horde imp 5.0.8 |
||
horde imp 5.0.6 |
||
horde imp 5.0.20 |
||
horde imp 5.0.16 |
||
horde imp 5.0.5 |
||
horde imp 5.0.9 |
||
horde imp |
||
horde imp 5.0.22 |
||
horde imp 5.0.13 |
||
horde imp 5.0.15 |
||
horde imp 5.0.17 |
||
horde imp 5.0.19 |
||
horde imp 5.0.18 |
||
horde imp 5.0.14 |
||
horde imp 5.0.4 |
||
horde imp 5.0.7 |
||
horde imp 5.0.11 |
||
horde imp 5.0.21 |
||
horde groupware 4.0.6 |
||
horde groupware 4.0.5 |
||
horde groupware 4.0.4 |
||
horde groupware 4.0.3 |
||
horde groupware 4.0.7 |
||
horde groupware 4.0.2 |
||
horde groupware 4.0 |
||
horde groupware |
||
horde groupware 4.0.1 |
Vulmon