PT-2002-1258 · Horde · Imp+1

Published

2002-04-22

Updated

2016-10-18

CVE-2002-0181

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IMP version 2.2.8 HORDE version 1.2.7

Description A cross-site scripting issue allows remote attackers to execute arbitrary web script and steal cookies of other users via the script parameter in the "status.php3" file.

Recommendations For IMP version 2.2.8, update to a version that fixes this issue. For HORDE version 1.2.7, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "status.php3" file until a patch is available. Avoid using the script parameter in the affected API endpoint until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0181

Affected Products

Horde

Imp

PT-2002-1258 · Horde · Imp+1

CVE-2002-0181

Related Identifiers

Affected Products

References · 10