Test ID:	1.3.6.1.4.1.25623.1.0.100826
Category:	Web application abuses
Title:	Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability
Summary:	Horde IMP Webmail is prone to an HTML injection vulnerability; because it fails to sufficiently sanitize user-supplied data before it is used in dynamic; content.
Description:	Summary: Horde IMP Webmail is prone to an HTML injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Vulnerability Impact: Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. Other attacks are also possible. Affected Software/OS: Horde IMP 4.3.7 is affected. Other versions may also be vulnerable. Solution: Updates are available. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3695 20100927 XSS in Horde IMP <=4.3.7, fetchmailprefs.php http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html http://www.securityfocus.com/archive/1/513992/100/0/threaded 41627 http://secunia.com/advisories/41627 43515 http://www.securityfocus.com/bid/43515 43896 http://secunia.com/advisories/43896 8170 http://securityreason.com/securityalert/8170 ADV-2010-2513 http://www.vupen.com/english/advisories/2010/2513 ADV-2011-0769 http://www.vupen.com/english/advisories/2011/0769 DSA-2204 http://www.debian.org/security/2011/dsa-2204 [announce] 20100928 Horde Groupware Webmail Edition 1.2.7 (final) http://lists.horde.org/archives/announce/2010/000568.html [announce] 20100928 IMP H3 (4.3.8) (final) http://lists.horde.org/archives/announce/2010/000558.html [oss-security] 20100930 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php http://openwall.com/lists/oss-security/2010/09/30/7 http://openwall.com/lists/oss-security/2010/09/30/8 [oss-security] 20101001 Re: CVE request: Horde Gollem <1.1.2 XSS in view.php http://openwall.com/lists/oss-security/2010/10/01/6 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598584 http://cvs.horde.org/diff.php/imp/docs/CHANGES?rt=horde&r1=1.699.2.424&r2=1.699.2.430&ty=h http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 https://bugzilla.redhat.com/show_bug.cgi?id=641069 Common Vulnerability Exposure (CVE) ID: CVE-2010-4778
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.