First published: Thu Dec 08 2005(Updated: )
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Horde IMP | =2.2.7 | |
Horde IMP | =2.2.5 | |
Horde IMP | =4.0 | |
Horde IMP | =3.1 | |
Horde IMP | =3.2.4 | |
Horde IMP | =3.1.2 | |
Horde IMP | =2.2.1 | |
Horde IMP | =3.2.2 | |
Horde IMP | =2.2.2 | |
Horde IMP | =4.0.2 | |
Horde IMP | =2.2.4 | |
Horde IMP | =2.0 | |
Horde IMP | =2.2.6 | |
Horde IMP | =3.2.3 | |
Horde IMP | =3.2.5 | |
Horde IMP | =4.0.3 | |
Horde IMP | =2.2 | |
Horde IMP | =2.3 | |
Horde IMP | =3.2 | |
Horde IMP | =4.0.1 | |
Horde IMP | =2.2.8 | |
Horde IMP | =2.2.3 | |
Horde IMP | =4.0.4 | |
Horde IMP | =3.0 | |
Horde IMP | =3.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.