NVD

Id
46685  
Name
CVE-2012-5565  
Description
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-04-05  
Modified Date
2014-04-07  
Seq
2012-5565  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
233845 46685 CVE-2012-5565 [announce] 20121114 IMP H4 (5.0.24) (final)  View
233846 46685 CVE-2012-5565 [announce] 20121114 Horde Groupware Webmail Edition 4.0.9 (final)  View
233847 46685 CVE-2012-5565 openSUSE-SU-2012:1626  View
233848 46685 CVE-2012-5565 [oss-security] 20121123 Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments.  View
233849 46685 CVE-2012-5565 https://github.com/horde/horde/commit/1550c6ecd7204f9579fcbb09ec7089e01b0771e2  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
30462 JVNDB-2012-006170 Horde Groupware Webmail Edition で使用される Horde Internet Mail Program におけるクロスサイトスクリプティングの脆弱性 Horde Groupware Webmail Edition で使用される Horde Internet Mail Program (IMP) の js/compose-dimp.js には、動的ビューに関する処理に不備があるため、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2012-5565 58803 CVE-2012-5565 46685 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-006170.html 2012-11-14 2014-04-08 View