1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
Candidate: CVE-2014-4946
PublicDate: 2014-07-14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4946
https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES
https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES
http://secunia.com/advisories/59772
http://secunia.com/advisories/59770
http://lists.horde.org/archives/announce/2014/001025.html
http://lists.horde.org/archives/announce/2014/001019.html
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail
Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition
before 5.1.5, allow remote attackers to inject arbitrary web script or HTML
via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox
view.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_php-horde-imp:
upstream_php-horde-imp: needs-triage
lucid_php-horde-imp: DNE
precise_php-horde-imp: DNE
precise/esm_php-horde-imp: DNE
trusty_php-horde-imp: needs-triage
utopic_php-horde-imp: ignored (reached end-of-life)
vivid_php-horde-imp: ignored (reached end-of-life)
vivid/stable-phone-overlay_php-horde-imp: DNE
vivid/ubuntu-core_php-horde-imp: DNE
wily_php-horde-imp: ignored (reached end-of-life)
xenial_php-horde-imp: needs-triage
yakkety_php-horde-imp: ignored (reached end-of-life)
zesty_php-horde-imp: needs-triage
devel_php-horde-imp: needs-triage
|