PT-2002-1258 · Horde · Imp+1
Publicado
2002-04-22
·
Atualizado
2016-10-18
·
CVE-2002-0181
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IMP version 2.2.8
HORDE version 1.2.7
Description
A cross-site scripting issue allows remote attackers to execute arbitrary web script and steal cookies of other users via the
script parameter in the "status.php3" file.Recommendations
For IMP version 2.2.8, update to a version that fixes this issue.
For HORDE version 1.2.7, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to the "status.php3" file until a patch is available.
Avoid using the
script parameter in the affected API endpoint until the issue is resolved.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Horde
Imp