CVE-2010-3693: XSS
First published: Mon Apr 04 2011(Updated: )
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Groupware Webmail Edition | <=1.2.6 | |
| Horde Groupware Webmail Edition | =1.0 | |
| Horde Groupware Webmail Edition | =1.0-rc1 | |
| Horde Groupware Webmail Edition | =1.0-rc2 | |
| Horde Groupware Webmail Edition | =1.0.1 | |
| Horde Groupware Webmail Edition | =1.0.2 | |
| Horde Groupware Webmail Edition | =1.0.3 | |
| Horde Groupware Webmail Edition | =1.0.4 | |
| Horde Groupware Webmail Edition | =1.0.5 | |
| Horde Groupware Webmail Edition | =1.0.6 | |
| Horde Groupware Webmail Edition | =1.0.7 | |
| Horde Groupware Webmail Edition | =1.0.8 | |
| Horde Groupware Webmail Edition | =1.1 | |
| Horde Groupware Webmail Edition | =1.1-rc1 | |
| Horde Groupware Webmail Edition | =1.1-rc2 | |
| Horde Groupware Webmail Edition | =1.1-rc3 | |
| Horde Groupware Webmail Edition | =1.1-rc4 | |
| Horde Groupware Webmail Edition | =1.1.1 | |
| Horde Groupware Webmail Edition | =1.1.2 | |
| Horde Groupware Webmail Edition | =1.1.3 | |
| Horde Groupware Webmail Edition | =1.1.4 | |
| Horde Groupware Webmail Edition | =1.1.5 | |
| Horde Groupware Webmail Edition | =1.1.6 | |
| Horde Groupware Webmail Edition | =1.2 | |
| Horde Groupware Webmail Edition | =1.2-rc1 | |
| Horde Groupware Webmail Edition | =1.2.1 | |
| Horde Groupware Webmail Edition | =1.2.2 | |
| Horde Groupware Webmail Edition | =1.2.3 | |
| Horde Groupware Webmail Edition | =1.2.3-rc1 | |
| Horde Groupware Webmail Edition | =1.2.4 | |
| Horde Groupware Webmail Edition | =1.2.5 | |
| Horde IMP | <=1.1.4 | |
| Horde IMP | =1.0 | |
| Horde IMP | =1.0-alpha | |
| Horde IMP | =1.0-rc1 | |
| Horde IMP | =1.0-rc2 | |
| Horde IMP | =1.0-rc3 | |
| Horde IMP | =1.1 | |
| Horde IMP | =1.1-rc1 | |
| Horde IMP | =1.1-rc2 | |
| Horde IMP | =1.1.1 | |
| Horde IMP | =1.1.2 | |
| Horde IMP | =1.1.3 |
Remedy
http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/2522
- http://lists.horde.org/archives/announce/2010/000568.html
- http://openwall.com/lists/oss-security/2010/09/30/8
- http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h
- http://lists.horde.org/archives/announce/2010/000561.html
- http://secunia.com/advisories/41639
- http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
- http://openwall.com/lists/oss-security/2010/09/30/7
- http://openwall.com/lists/oss-security/2010/10/01/6
- http://bugs.horde.org/ticket/9240
- http://www.osvdb.org/68267
- http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62080
Frequently Asked Questions
What is the severity of CVE-2010-3693?
CVE-2010-3693 has a medium severity level due to its potential for cross-site scripting attacks.
How do I fix CVE-2010-3693?
To fix CVE-2010-3693, upgrade Horde Dynamic IMP to version 1.1.5 or later and Horde Groupware Webmail Edition to version 1.2.7 or later.
What systems are affected by CVE-2010-3693?
CVE-2010-3693 affects Horde Dynamic IMP versions prior to 1.1.5 and Horde Groupware Webmail Edition versions prior to 1.2.7.
What kind of attack can exploit CVE-2010-3693?
CVE-2010-3693 can be exploited through cross-site scripting (XSS), allowing attackers to inject malicious scripts into web pages.
How can I determine if my system is vulnerable to CVE-2010-3693?
You can determine vulnerability to CVE-2010-3693 by checking the version of your installed Horde Dynamic IMP and Horde Groupware Webmail Edition against the affected versions.
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/description
- agent/references
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/horde
- canonical/horde groupware webmail edition
- version/horde groupware webmail edition/1.2.6
- version/horde groupware webmail edition/1.0
- version/horde groupware webmail edition/1.0-rc1
- version/horde groupware webmail edition/1.0-rc2
- version/horde groupware webmail edition/1.0.1
- version/horde groupware webmail edition/1.0.2
- version/horde groupware webmail edition/1.0.3
- version/horde groupware webmail edition/1.0.4
- version/horde groupware webmail edition/1.0.5
- version/horde groupware webmail edition/1.0.6
- version/horde groupware webmail edition/1.0.7
- version/horde groupware webmail edition/1.0.8
- version/horde groupware webmail edition/1.1
- version/horde groupware webmail edition/1.1-rc1
- version/horde groupware webmail edition/1.1-rc2
- version/horde groupware webmail edition/1.1-rc3
- version/horde groupware webmail edition/1.1-rc4
- version/horde groupware webmail edition/1.1.1
- version/horde groupware webmail edition/1.1.2
- version/horde groupware webmail edition/1.1.3
- version/horde groupware webmail edition/1.1.4
- version/horde groupware webmail edition/1.1.5
- version/horde groupware webmail edition/1.1.6
- version/horde groupware webmail edition/1.2
- version/horde groupware webmail edition/1.2-rc1
- version/horde groupware webmail edition/1.2.1
- version/horde groupware webmail edition/1.2.2
- version/horde groupware webmail edition/1.2.3
- version/horde groupware webmail edition/1.2.3-rc1
- version/horde groupware webmail edition/1.2.4
- version/horde groupware webmail edition/1.2.5
- canonical/horde imp
- version/horde imp/1.1.4
- version/horde imp/1.0
- version/horde imp/1.0-alpha
- version/horde imp/1.0-rc1
- version/horde imp/1.0-rc2
- version/horde imp/1.0-rc3
- version/horde imp/1.1
- version/horde imp/1.1-rc1
- version/horde imp/1.1-rc2
- version/horde imp/1.1.1
- version/horde imp/1.1.2
- version/horde imp/1.1.3