PT-2012-6359 · Horde+1 · Horde3-Imp+4

Jan Lieskovsky · Published 1970-01-01 · Updated 2024-06-15 · CVE-2012-0791

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

horde3-dimp versions not specified
horde3-imp versions not specified
Horde IMP versions prior to 5.0.18
Horde Groupware Webmail Edition versions prior to 4.0.6

Description

The issue allows remote attackers to exploit multiple cross-site scripting (XSS) vulnerabilities, potentially leading to a breach of protected information integrity. The exploitation can be carried out remotely. Vulnerable parameters include composeCache, rtemode, filename *, formname, and IMAP mailbox names.

Recommendations

For horde3-dimp, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For horde3-imp, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Horde IMP versions prior to 5.0.18, update to version 5.0.18 or later.
For Horde Groupware Webmail Edition versions prior to 4.0.6, update to version 4.0.6 or later.

As a temporary workaround, consider restricting access to the compose page and contacts popup window until a patch is available. Avoid using the vulnerable parameters composeCache, rtemode, filename *, and formname in the affected API endpoints until the issue is resolved.

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-05412
BDU:2015-05413
CVE-2012-0791
DSA-2485-1
OPENSUSE-SU-2012_0287-1
OPENSUSE-SU-2024:10191-1

Affected Products

Horde Groupware Webmail Edition
Horde Imp
Suse
Horde3-Dimp
Horde3-Imp