CVE-2007-1515
Summary
| CVE | CVE-2007-1515 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-03-20 10:19:00 UTC |
| Updated | 2018-10-16 16:38:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [Full-disclosure] Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues | FULLDISC | lists.grok.org.uk | Exploit, Vendor Advisory |
| [announce] IMP H3 (4.1.4) (final) | MLIST | lists.horde.org | Patch, Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Horde IMP Input Validation Holes in 'thread.php' and 'search.php' Permit Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Webmail- OVH | VUPEN | www.vupen.com | |
| IMP Script Insertion and Cross-Site Scripting Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | |
| Horde IMP Webmail Client Multiple Input Validation Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.