{"api_version":"1","generated_at":"2026-05-15T00:09:15+00:00","cve":"CVE-2007-1515","urls":{"html":"https://cve.report/CVE-2007-1515","api":"https://cve.report/api/cve/CVE-2007-1515.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-1515","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-1515"},"summary":{"title":"CVE-2007-1515","description":"Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php.  NOTE: some of these details are obtained from third party information.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-03-20 10:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"[Full-disclosure] Horde IMP Webmail Client version H3 (4.1.4) fixes\tmultiple XSS issues","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/24541","name":"http://secunia.com/advisories/24541","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IMP Script Insertion and Cross-Site Scripting Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.horde.org/archives/announce/2007/000316.html","name":"http://lists.horde.org/archives/announce/2007/000316.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"[announce] IMP H3 (4.1.4) (final)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/462914/100/0/threaded","name":"http://www.securityfocus.com/archive/1/462914/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017774","name":"http://www.securitytracker.com/id?1017774","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Horde IMP Input Validation Holes in 'thread.php' and 'search.php' Permit Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/22975","name":"http://www.securityfocus.com/bid/22975","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Horde IMP Webmail Client Multiple Input Validation Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/0964","name":"http://www.vupen.com/english/advisories/2007/0964","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-1515","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1515","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"1515","vulnerable":"1","versionEndIncluding":"4.1.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"horde","cpe5":"imp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T12:59:08.400Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1017774","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017774"},{"name":"20070315 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html"},{"name":"[announce] 20070314 IMP H3 (4.1.4) (final)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.horde.org/archives/announce/2007/000316.html"},{"name":"20070315 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/462914/100/0/threaded"},{"name":"ADV-2007-0964","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/0964"},{"name":"24541","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24541"},{"name":"22975","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/22975"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-03-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php.  NOTE: some of these details are obtained from third party information."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1017774","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017774"},{"name":"20070315 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html"},{"name":"[announce] 20070314 IMP H3 (4.1.4) (final)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.horde.org/archives/announce/2007/000316.html"},{"name":"20070315 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/462914/100/0/threaded"},{"name":"ADV-2007-0964","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/0964"},{"name":"24541","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24541"},{"name":"22975","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/22975"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-1515","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php.  NOTE: some of these details are obtained from third party information."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1017774","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017774"},{"name":"20070315 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html"},{"name":"[announce] 20070314 IMP H3 (4.1.4) (final)","refsource":"MLIST","url":"http://lists.horde.org/archives/announce/2007/000316.html"},{"name":"20070315 Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/462914/100/0/threaded"},{"name":"ADV-2007-0964","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0964"},{"name":"24541","refsource":"SECUNIA","url":"http://secunia.com/advisories/24541"},{"name":"22975","refsource":"BID","url":"http://www.securityfocus.com/bid/22975"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-1515","datePublished":"2007-03-20T10:00:00.000Z","dateReserved":"2007-03-20T00:00:00.000Z","dateUpdated":"2024-08-07T12:59:08.400Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-03-20 10:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:horde:imp:*:*:*:*:*:*:*:*","versionEndIncluding":"4.1.3","matchCriteriaId":"50BC1694-27D6-4278-BC35-02D1ADC88D89"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"1515","Ordinal":"1","Title":"CVE-2007-1515","CVE":"CVE-2007-1515","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"1515","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php.  NOTE: some of these details are obtained from third party information.","Type":"Description","Title":"CVE-2007-1515"},{"CveYear":"2007","CveId":"1515","Ordinal":"2","NoteData":"2007-03-20","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"1515","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}