CVE-2010-3695
Summary
| CVE | CVE-2010-3695 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-03-31 22:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | None |
| Integrity | Partial |
| Availability | None |
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Horde | Groupware | 1.0 | All | All | All |
| Application | Horde | Groupware | 1.0 | rc1 | All | All |
| Application | Horde | Groupware | 1.0 | rc2 | All | All |
| Application | Horde | Groupware | 1.0.1 | All | All | All |
| Application | Horde | Groupware | 1.0.2 | All | All | All |
| Application | Horde | Groupware | 1.0.3 | All | All | All |
| Application | Horde | Groupware | 1.0.4 | All | All | All |
| Application | Horde | Groupware | 1.0.5 | All | All | All |
| Application | Horde | Groupware | 1.0.6 | All | All | All |
| Application | Horde | Groupware | 1.0.7 | All | All | All |
| Application | Horde | Groupware | 1.0.8 | All | All | All |
| Application | Horde | Groupware | 1.1 | All | All | All |
| Application | Horde | Groupware | 1.1 | rc1 | All | All |
| Application | Horde | Groupware | 1.1 | rc2 | All | All |
| Application | Horde | Groupware | 1.1 | rc3 | All | All |
| Application | Horde | Groupware | 1.1 | rc4 | All | All |
| Application | Horde | Groupware | 1.1.1 | All | All | All |
| Application | Horde | Groupware | 1.1.2 | All | All | All |
| Application | Horde | Groupware | 1.1.3 | All | All | All |
| Application | Horde | Groupware | 1.1.4 | All | All | All |
| Application | Horde | Groupware | 1.1.5 | All | All | All |
| Application | Horde | Groupware | 1.1.6 | All | All | All |
| Application | Horde | Groupware | 1.2 | All | All | All |
| Application | Horde | Groupware | 1.2 | rc1 | All | All |
| Application | Horde | Groupware | 1.2.1 | All | All | All |
| Application | Horde | Groupware | 1.2.2 | All | All | All |
| Application | Horde | Groupware | 1.2.3 | All | All | All |
| Application | Horde | Groupware | 1.2.3 | rc1 | All | All |
| Application | Horde | Groupware | 1.2.4 | All | All | All |
| Application | Horde | Groupware | 1.2.5 | All | All | All |
| Application | Horde | Groupware | All | All | All | All |
| Application | Horde | Imp | 2.0 | All | All | All |
| Application | Horde | Imp | 2.2 | All | All | All |
| Application | Horde | Imp | 2.2.1 | All | All | All |
| Application | Horde | Imp | 2.2.2 | All | All | All |
| Application | Horde | Imp | 2.2.3 | All | All | All |
| Application | Horde | Imp | 2.2.4 | All | All | All |
| Application | Horde | Imp | 2.2.5 | All | All | All |
| Application | Horde | Imp | 2.2.6 | All | All | All |
| Application | Horde | Imp | 2.2.7 | All | All | All |
| Application | Horde | Imp | 2.2.8 | All | All | All |
| Application | Horde | Imp | 2.3 | All | All | All |
| Application | Horde | Imp | 3.0 | All | All | All |
| Application | Horde | Imp | 3.1 | All | All | All |
| Application | Horde | Imp | 3.1.2 | All | All | All |
| Application | Horde | Imp | 3.2 | All | All | All |
| Application | Horde | Imp | 3.2.1 | All | All | All |
| Application | Horde | Imp | 3.2.2 | All | All | All |
| Application | Horde | Imp | 3.2.3 | All | All | All |
| Application | Horde | Imp | 3.2.4 | All | All | All |
| Application | Horde | Imp | 3.2.5 | All | All | All |
| Application | Horde | Imp | 3.2.6 | All | All | All |
| Application | Horde | Imp | 3.2.7 | All | All | All |
| Application | Horde | Imp | 3.2.7 | rc1 | All | All |
| Application | Horde | Imp | 4.0 | All | All | All |
| Application | Horde | Imp | 4.0.1 | All | All | All |
| Application | Horde | Imp | 4.0.2 | All | All | All |
| Application | Horde | Imp | 4.0.3 | All | All | All |
| Application | Horde | Imp | 4.0.4 | All | All | All |
| Application | Horde | Imp | 4.1.3 | All | All | All |
| Application | Horde | Imp | 4.1.5 | All | All | All |
| Application | Horde | Imp | 4.1.6 | All | All | All |
| Application | Horde | Imp | 4.2 | All | All | All |
| Application | Horde | Imp | 4.2.1 | All | All | All |
| Application | Horde | Imp | 4.2.2 | All | All | All |
| Application | Horde | Imp | 4.3 | All | All | All |
| Application | Horde | Imp | 4.3.1 | All | All | All |
| Application | Horde | Imp | 4.3.2 | All | All | All |
| Application | Horde | Imp | 4.3.3 | All | All | All |
| Application | Horde | Imp | 4.3.4 | All | All | All |
| Application | Horde | Imp | 4.3.5 | All | All | All |
| Application | Horde | Imp | 4.3.6 | All | All | All |
| Application | Horde | Imp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Re: CVE request: Horde Gollem <1.1.2 XSS in view.php | af854a3a-2127-422b-91ae-364da2661108 | openwall.com | Exploit, Patch |
| 641069 – (CVE-2010-3695) CVE-2010-3695 imp: XSS flaw in fetchmail configuration | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Exploit, Patch |
| Horde :: Log in | af854a3a-2127-422b-91ae-364da2661108 | git.horde.org | |
| oss-security - Re: CVE request: Horde Gollem <1.1.2 XSS in view.php | af854a3a-2127-422b-91ae-364da2661108 | openwall.com | Exploit, Patch |
| archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Exploit |
| Horde IMP "fm_id" Cross-Site Scripting Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| #598584 - imp4: XSS in fetchmail configuration - Debian Bug report logs | af854a3a-2127-422b-91ae-364da2661108 | bugs.debian.org | Exploit, Patch |
| Debian -- Security Information -- DSA-2204-1 imp4 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Debian update for imp4 - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Horde :: Log in | af854a3a-2127-422b-91ae-364da2661108 | git.horde.org | Patch |
| Horde :: Log in | af854a3a-2127-422b-91ae-364da2661108 | cvs.horde.org | |
| Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit |
| [announce] IMP H3 (4.3.8) (final) | af854a3a-2127-422b-91ae-364da2661108 | lists.horde.org | Patch |
| [announce] Horde Groupware Webmail Edition 1.2.7 (final) | af854a3a-2127-422b-91ae-364da2661108 | lists.horde.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| XSS in Horde IMP <=4.3.7, fetchmailprefs.php - CXSecurity.com | af854a3a-2127-422b-91ae-364da2661108 | securityreason.com | |
| oss-security - Re: CVE request: Horde Gollem <1.1.2 XSS in view.php | af854a3a-2127-422b-91ae-364da2661108 | openwall.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.