CVE-2012-0791
Summary
| CVE | CVE-2012-0791 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-01-24 18:55:00 UTC |
| Updated | 2023-11-07 02:10:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Horde | Dynamic Imp | 1.0 | All | All | All |
| Application | Horde | Dynamic Imp | 1.0 | alpha | All | All |
| Application | Horde | Dynamic Imp | 1.0 | rc1 | All | All |
| Application | Horde | Dynamic Imp | 1.0 | rc2 | All | All |
| Application | Horde | Dynamic Imp | 1.0 | rc3 | All | All |
| Application | Horde | Dynamic Imp | 1.1 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1 | rc1 | All | All |
| Application | Horde | Dynamic Imp | 1.1 | rc2 | All | All |
| Application | Horde | Dynamic Imp | 1.1.1 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.2 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.3 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.4 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.5 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.6 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.1 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.10 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.11 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.12 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.13 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.14 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.15 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.16 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.2 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.3 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.4 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.5 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.6 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.7 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.8 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.9 | All | All | All |
| Application | Horde | Dynamic Imp | 1.0 | All | All | All |
| Application | Horde | Dynamic Imp | 1.0 | alpha | All | All |
| Application | Horde | Dynamic Imp | 1.0 | rc1 | All | All |
| Application | Horde | Dynamic Imp | 1.0 | rc2 | All | All |
| Application | Horde | Dynamic Imp | 1.0 | rc3 | All | All |
| Application | Horde | Dynamic Imp | 1.1 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1 | rc1 | All | All |
| Application | Horde | Dynamic Imp | 1.1 | rc2 | All | All |
| Application | Horde | Dynamic Imp | 1.1.1 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.2 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.3 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.4 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.5 | All | All | All |
| Application | Horde | Dynamic Imp | 1.1.6 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.1 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.10 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.11 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.12 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.13 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.14 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.15 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.16 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.2 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.3 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.4 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.5 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.6 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.7 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.8 | All | All | All |
| Application | Horde | Dynamic Imp | 5.0.9 | All | All | All |
| Application | Horde | Dynamic Imp | All | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0 | rc2 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.5 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.6 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.7 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.8 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc2 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc3 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc4 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.5 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.6 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.10 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.3 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.5 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.6 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.7 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.8 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.9 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0 | rc2 | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0 | rc2 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.5 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.6 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.7 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.0.8 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc2 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc3 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1 | rc4 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.5 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.1.6 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.10 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.3 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.5 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.6 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.7 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.8 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 1.2.9 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0 | rc1 | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0 | rc2 | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.1 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.2 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.3 | All | All | All |
| Application | Horde | Groupware Webmail Edition | 4.0.4 | All | All | All |
| Application | Horde | Groupware Webmail Edition | All | All | All | All |
| Application | Horde | Imp | 2.0 | All | All | All |
| Application | Horde | Imp | 2.2 | All | All | All |
| Application | Horde | Imp | 2.2.1 | All | All | All |
| Application | Horde | Imp | 2.2.2 | All | All | All |
| Application | Horde | Imp | 2.2.3 | All | All | All |
| Application | Horde | Imp | 2.2.4 | All | All | All |
| Application | Horde | Imp | 2.2.5 | All | All | All |
| Application | Horde | Imp | 2.2.6 | All | All | All |
| Application | Horde | Imp | 2.2.7 | All | All | All |
| Application | Horde | Imp | 2.2.8 | All | All | All |
| Application | Horde | Imp | 2.3 | All | All | All |
| Application | Horde | Imp | 3.0 | All | All | All |
| Application | Horde | Imp | 3.1 | All | All | All |
| Application | Horde | Imp | 3.1.2 | All | All | All |
| Application | Horde | Imp | 3.2 | All | All | All |
| Application | Horde | Imp | 3.2.1 | All | All | All |
| Application | Horde | Imp | 3.2.2 | All | All | All |
| Application | Horde | Imp | 3.2.3 | All | All | All |
| Application | Horde | Imp | 3.2.4 | All | All | All |
| Application | Horde | Imp | 3.2.5 | All | All | All |
| Application | Horde | Imp | 3.2.6 | All | All | All |
| Application | Horde | Imp | 3.2.7 | All | All | All |
| Application | Horde | Imp | 3.2.7 | rc1 | All | All |
| Application | Horde | Imp | 4.0 | All | All | All |
| Application | Horde | Imp | 4.0.1 | All | All | All |
| Application | Horde | Imp | 4.0.2 | All | All | All |
| Application | Horde | Imp | 4.0.3 | All | All | All |
| Application | Horde | Imp | 4.0.4 | All | All | All |
| Application | Horde | Imp | 4.1.3 | All | All | All |
| Application | Horde | Imp | 4.1.5 | All | All | All |
| Application | Horde | Imp | 4.1.6 | All | All | All |
| Application | Horde | Imp | 4.2 | All | All | All |
| Application | Horde | Imp | 4.2.1 | All | All | All |
| Application | Horde | Imp | 4.2.2 | All | All | All |
| Application | Horde | Imp | 4.3 | All | All | All |
| Application | Horde | Imp | 4.3.1 | All | All | All |
| Application | Horde | Imp | 4.3.2 | All | All | All |
| Application | Horde | Imp | 4.3.3 | All | All | All |
| Application | Horde | Imp | 4.3.4 | All | All | All |
| Application | Horde | Imp | 4.3.5 | All | All | All |
| Application | Horde | Imp | 4.3.6 | All | All | All |
| Application | Horde | Imp | 4.3.7 | All | All | All |
| Application | Horde | Imp | 4.3.8 | All | All | All |
| Application | Horde | Imp | 4.3.9 | All | All | All |
| Application | Horde | Imp | 5.0 | All | All | All |
| Application | Horde | Imp | 5.0 | alpha1 | All | All |
| Application | Horde | Imp | 5.0 | beta1 | All | All |
| Application | Horde | Imp | 5.0 | rc1 | All | All |
| Application | Horde | Imp | 5.0 | rc2 | All | All |
| Application | Horde | Imp | 5.0.1 | All | All | All |
| Application | Horde | Imp | 5.0.2 | All | All | All |
| Application | Horde | Imp | 5.0.3 | All | All | All |
| Application | Horde | Imp | 5.0.4-git | All | All | All |
| Application | Horde | Imp | 2.0 | All | All | All |
| Application | Horde | Imp | 2.2 | All | All | All |
| Application | Horde | Imp | 2.2.1 | All | All | All |
| Application | Horde | Imp | 2.2.2 | All | All | All |
| Application | Horde | Imp | 2.2.3 | All | All | All |
| Application | Horde | Imp | 2.2.4 | All | All | All |
| Application | Horde | Imp | 2.2.5 | All | All | All |
| Application | Horde | Imp | 2.2.6 | All | All | All |
| Application | Horde | Imp | 2.2.7 | All | All | All |
| Application | Horde | Imp | 2.2.8 | All | All | All |
| Application | Horde | Imp | 2.3 | All | All | All |
| Application | Horde | Imp | 3.0 | All | All | All |
| Application | Horde | Imp | 3.1 | All | All | All |
| Application | Horde | Imp | 3.1.2 | All | All | All |
| Application | Horde | Imp | 3.2 | All | All | All |
| Application | Horde | Imp | 3.2.1 | All | All | All |
| Application | Horde | Imp | 3.2.2 | All | All | All |
| Application | Horde | Imp | 3.2.3 | All | All | All |
| Application | Horde | Imp | 3.2.4 | All | All | All |
| Application | Horde | Imp | 3.2.5 | All | All | All |
| Application | Horde | Imp | 3.2.6 | All | All | All |
| Application | Horde | Imp | 3.2.7 | All | All | All |
| Application | Horde | Imp | 3.2.7 | rc1 | All | All |
| Application | Horde | Imp | 4.0 | All | All | All |
| Application | Horde | Imp | 4.0.1 | All | All | All |
| Application | Horde | Imp | 4.0.2 | All | All | All |
| Application | Horde | Imp | 4.0.3 | All | All | All |
| Application | Horde | Imp | 4.0.4 | All | All | All |
| Application | Horde | Imp | 4.1.3 | All | All | All |
| Application | Horde | Imp | 4.1.5 | All | All | All |
| Application | Horde | Imp | 4.1.6 | All | All | All |
| Application | Horde | Imp | 4.2 | All | All | All |
| Application | Horde | Imp | 4.2.1 | All | All | All |
| Application | Horde | Imp | 4.2.2 | All | All | All |
| Application | Horde | Imp | 4.3 | All | All | All |
| Application | Horde | Imp | 4.3.1 | All | All | All |
| Application | Horde | Imp | 4.3.2 | All | All | All |
| Application | Horde | Imp | 4.3.3 | All | All | All |
| Application | Horde | Imp | 4.3.4 | All | All | All |
| Application | Horde | Imp | 4.3.5 | All | All | All |
| Application | Horde | Imp | 4.3.6 | All | All | All |
| Application | Horde | Imp | 4.3.7 | All | All | All |
| Application | Horde | Imp | 4.3.8 | All | All | All |
| Application | Horde | Imp | 4.3.9 | All | All | All |
| Application | Horde | Imp | 5.0 | All | All | All |
| Application | Horde | Imp | 5.0 | alpha1 | All | All |
| Application | Horde | Imp | 5.0 | beta1 | All | All |
| Application | Horde | Imp | 5.0 | rc1 | All | All |
| Application | Horde | Imp | 5.0 | rc2 | All | All |
| Application | Horde | Imp | 5.0.1 | All | All | All |
| Application | Horde | Imp | 5.0.2 | All | All | All |
| Application | Horde | Imp | 5.0.3 | All | All | All |
| Application | Horde | Imp | 5.0.4-git | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Horde Groupware Input Validation Flaws Permit Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Documentation - IMP - The Horde Project | CONFIRM | www.horde.org | |
| Documentation - Webmail - The Horde Project | CONFIRM | www.horde.org | |
| Documentation - IMP - The Horde Project | CONFIRM | www.horde.org | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Vendor Advisory |
| Horde Internet Messaging Program (IMP) Input Validation Flaws Permit Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| oss-security - Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 | MLIST | www.openwall.com | |
| Debian -- Security Information -- DSA-2485-1 imp4 | DEBIAN | www.debian.org | |
| Multiple Horde Products Cross Site Scripting and HTML Injection Vulnerabilities | BID | www.securityfocus.com | |
| Documentation - Webmail - The Horde Project | CONFIRM | www.horde.org | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.