Vendor: Horde IMP Webmail Client
By:
CVSS: 7.5 (HIGH)
CWE: 79 (Input-Validation)
Product Name: Horde IMP Webmail Client
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Horde IMP Webmail Client Input-Validation Vulnerabilities

The Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue. These vulnerabilities occur due to the application's failure to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary HTML and script code in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and control over how the site is rendered to users. Other attacks may also be possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques in the Horde IMP Webmail Client application. This should include the use of input-validation filters and strict output encoding to prevent the execution of arbitrary code.
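
The validation and output encoding recommended above, sketched for the `edit_query` parameter of `search.php`. This is an added example, not Horde IMP code: it assumes `edit_query` is an opaque identifier, and the function names, allow-list pattern and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not Horde IMP source. Assumption: edit_query is an
// opaque identifier, so a strict allow-list is a reasonable input filter.

/** Input validation: return the value only if it matches the allow-list. */
function validate_edit_query(mixed $raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $raw) !== 1) {
        return null; // reject arrays, empty, over-long or markup-bearing input
    }
    return $raw;
}

/** Encode for HTML element content and quoted attribute values. */
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode for a JavaScript string literal inside an inline <script> block. */
function js_encode(string $value): string
{
    // Hex-escaping <, >, &, ' and " keeps the value from closing the script
    // element or the string literal; htmlspecialchars() is wrong here.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample values standing in for $_GET['edit_query'].
$samples = ['saved_query_12', '"><b>injected</b>', ['nested' => 'array']];

foreach ($samples as $raw) {
    $valid = validate_edit_query($raw);
    if ($valid === null) {
        // Never echo the rejected value back unencoded, even in an error page.
        $shown = is_string($raw) ? html_encode($raw) : '(non-string)';
        echo "rejected: {$shown}\n";
        continue;
    }
    echo '<input type="hidden" name="edit_query" value="' . html_encode($valid) . "\">\n";
    echo '<script>var editQuery = ' . js_encode($valid) . ";</script>\n";
}
```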
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22975/info

Horde IMP Webmail Client is prone to multiple input-validation vulnerabilities, including cross-site scripting and an HTML-injection issue, because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. 

http://www.example.com/horde/imp/search.php?edit_query=[xss]