Vulnerability Name:

CVE-2004-1443 (CCN-16866)

Assigned:2004-08-03
Published:2004-08-03
Updated:2017-07-11
Summary:Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-1443

Source: CONFIRM
Type: UNKNOWN
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h

Source: CCN
Type: SA12202
Horde IMP Script Insertion Vulnerability

Source: SECUNIA
Type: Patch
12202

Source: CCN
Type: CVS Web site
Diff for imp/docs/CHANGES between version 1.389.2.106 and 1.389.2.109

Source: CCN
Type: GLSA-200408-07
Horde-IMP: Input validation vulnerability for Internet Explorer users

Source: GENTOO
Type: Patch
GLSA-200408-07

Source: CCN
Type: Horde Web site
IMP news

Source: CCN
Type: OSVDB ID: 8293
Horde IMP with MSIE MIME Viewer E-mail Message XSS

Source: BID
Type: Patch
10845

Source: CCN
Type: BID-10845
Horde IMP HTML+TIME HTML Injection Vulnerability

Source: XF
Type: UNKNOWN
imp-html-viewer-xss(16866)

Source: XF
Type: UNKNOWN
imp-html-viewer-xss(16866)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:horde:imp:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:imp:3.2.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    horde imp 2.0
    horde imp 2.2
    horde imp 2.2.1
    horde imp 2.2.2
    horde imp 2.2.3
    horde imp 2.2.4
    horde imp 2.2.5
    horde imp 2.2.6
    horde imp 2.2.7
    horde imp 2.2.8
    horde imp 2.3
    horde imp 3.0
    horde imp 3.1
    horde imp 3.1.2
    horde imp 3.2
    horde imp 3.2.1
    horde imp 3.2.2
    horde imp 3.2.3
    horde imp 3.2.4