| Vulnerability Name: | CVE-2012-0791 (CCN-72570) | ||||||||||||||||||||||||
| Assigned: | 2012-01-20 | ||||||||||||||||||||||||
| Published: | 2012-01-20 | ||||||||||||||||||||||||
| Updated: | 2023-02-13 | ||||||||||||||||||||||||
| Summary: | |||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0791 Source: CCN Type: Horde Web Site IMP H4 (4.3.11) (final) Source: CCN Type: SA47580 Horde IMP Multiple Vulnerabilities Source: CCN Type: SA47592 Horde Groupware Webmail Edition Multiple Vulnerabilities Source: CCN Type: SA47858 Horde IMP Multiple Vulnerabilities Source: CCN Type: SA47879 Horde DIMP IMAP Mailbox Names Script Insertion Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: DEBIAN Type: DSA-2485 imp4 -- cross site scripting Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: Horde IMP Web Site Downloads - The Horde Project Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-51586 Multiple Horde Products Cross Site Scripting and HTML Injection Vulnerabilities Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN hordeimp-multiple-xss(72570) | ||||||||||||||||||||||||
| Vulnerability Name: | CVE-2012-0791 (CCN-72571) | ||||||||||||||||||||||||
| Assigned: | 2012-01-20 | ||||||||||||||||||||||||
| Published: | 2012-01-20 | ||||||||||||||||||||||||
| Updated: | 2018-01-18 | ||||||||||||||||||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. Note: some of these details are obtained from third party information. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0791 Source: CCN Type: SA47580 Horde IMP Multiple Vulnerabilities Source: CCN Type: SA47592 Horde Groupware Webmail Edition Multiple Vulnerabilities Source: CCN Type: SA47858 Horde IMP Multiple Vulnerabilities Source: CCN Type: SA47879 Horde DIMP IMAP Mailbox Names Script Insertion Vulnerability Source: DEBIAN Type: DSA-2485 imp4 -- cross site scripting Source: CCN Type: Horde Web Site v5.0.18 Source: CCN Type: Horde IMP Web Site Downloads - The Horde Project Source: CCN Type: BID-51586 Multiple Horde Products Cross Site Scripting and HTML Injection Vulnerabilities Source: XF Type: UNKNOWN hordeimp-imap-xss(72571) | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||