1
Candidate: CVE-2010-4778
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4778
6
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php
7
in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before
8
1.2.7, allow remote attackers to inject arbitrary web script or HTML via
9
the (1) username (aka fmusername), (2) password (aka fmpassword), or (3)
10
server (aka fmserver) field in a fetchmail_prefs_save action, related to
11
the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE:
12
some of these details are obtained from third party information.
21
upstream_imp3: needs-triage
22
dapper_imp3: ignored (reached end-of-life)
37
vivid/stable-phone-overlay_imp3: DNE
38
vivid/ubuntu-core_imp3: DNE
46
upstream: http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11
47
upstream_imp4: released (4.3.8)
48
dapper_imp4: ignored (reached end-of-life)
49
hardy_imp4: ignored (reached end-of-life)
50
karmic_imp4: ignored (reached end-of-life)
51
lucid_imp4: ignored (reached end-of-life)
52
maverick_imp4: ignored (reached end-of-life)
53
natty_imp4: ignored (reached end-of-life)
54
oneiric_imp4: ignored (reached end-of-life)
55
precise_imp4: ignored (reached end-of-life)
56
precise/esm_imp4: DNE (precise was needed)
57
quantal_imp4: not-affected (4.3.10+debian0-1)
63
vivid/stable-phone-overlay_imp4: DNE
64
vivid/ubuntu-core_imp4: DNE