Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Horde IMP 2.2.7 Cross Site Scripting Vulnerability

Horde IMP 2.2.7 Cross Site Scripting Vulnerability

by Nikola Strahija on April 9th, 2002 Horde IMP 2.2.7 is vulnerable to a cross site scripting problem. The component status.php3 fails to filter HTML or script code when passed to it in the following manner: status.php3?script=alert("Hello Worlds") It is possible that script injected in this way may be viewed by other users.


Remote: Yes

Exploit: No

Solution: The vendor recommends upgrading to IMP 3. If this is not possible, a patched version of the 2.2 series is available. Install either the upgrade or the patch.


Horde IMP 2.2.7:

Horde Upgrade imp-2.2.8.tar.gz
ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.8.tar.gz

Horde Patch patch-imp-2.2.7-2.2.8.gz
ftp://ftp.horde.org/pub/imp/tarballs/patch-imp-2.2.7-2.2.8.gz



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »