CVE-2008-4182

Name: CVE-2008-4182
Description: Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1770-1
NVD severity: medium (attack range: remote, user-initiated)
Debian Bugs: 500114, 500553
Debian/oldstable: not vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| imp4 (PTS) | squeeze (security), squeeze | 4.3.7+debian0-2.2 | fixed |
| turba2 (PTS) | squeeze | 2.3.4+debian0-1 | fixed |

The information below is based on the following data on fixed versions.

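| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| imp4 | source | (unstable) | 4.2-3 | low | | 500553 |
| imp4 | source | etch | 4.1.3-4etch1 | medium | DSA-1770-1 | |
| turba2 | source | (unstable) | 2.2.1-2 | low | | 500114 |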

Notes

[etch] - turba2 <no-dsa> (Minor issue)
