Vulnerability Name: CVE-2008-3823 (CCN-45030)
Assigned: 2008-09-10
Published: 2008-09-10
Updated: 2018-10-11
Summary: Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2008-3823
Source: CCN Type: horde-announce Mailing List, 2008-09-10 9:22:47 Horde 3.1.9 (final)
Source: CCN Type: horde-announce Mailing List, 2008-09-10 10:40:50 Horde 3.2.2 (final)
Source: MLIST Type: Patch [horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)
Source: CCN Type: horde-announce Mailing List, 2008-09-10 11:28:12 Horde Groupware 1.0.7 (final)
Source: CCN Type: horde-announce Mailing List, 2008-09-10 11:51:27 Horde Groupware Webmail Edition 1.0.8 (final)
Source: CCN Type: horde-announce Mailing List, 2008-09-10 12:35:52 Horde Groupware 1.1.3 (final)
Source: CCN Type: horde-announce Mailing List, 2008-09-10 13:08:36 Horde Groupware Webmail Edition 1.1.3 (final)
Source: MISC Type: Patch http://ocert.org/patches/2008-012/MIME.patch
Source: CCN Type: SA31842 Horde Products MIME Library and HTML Message Script Insertion Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 31842
Source: SECUNIA Type: UNKNOWN 31959
Source: SREASON Type: UNKNOWN 4245
Source: DEBIAN Type: UNKNOWN DSA-1642
Source: DEBIAN Type: DSA-1642 horde3 -- cross site scripting
Source: CCN Type: Horde Web site Horde Groupware Webmail Edition
Source: MISC Type: UNKNOWN http://www.ocert.org/advisories/ocert-2008-012.html
Source: MLIST Type: Patch [oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)
Source: CCN Type: OSVDB ID: 48138 Horde MIME Library MIME/MIME/Contents.php Email Attachment Filename XSS
Source: BUGTRAQ Type: UNKNOWN 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)
Source: BID Type: Exploit 31110
Source: CCN Type: BID-31110 Horde MIME Attachment Filename Insufficient Filtering Cross-Site Scripting Vulnerability
Source: VUPEN Type: UNKNOWN ADV-2008-2548
Source: XF Type: UNKNOWN horde-mime-xss(45030)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable