CVE-2009-0930

NameCVE-2009-0930
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1770-1
NVD severitymedium (attack range: remote, user-initiated)
Debian Bugs513266
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
imp4 (PTS)squeeze (security), squeeze4.3.7+debian0-2.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
imp4source(unstable)4.2-4medium513266
imp4sourceetch4.1.3-4etch1mediumDSA-1770-1

Search for package or bug name: Reporting problems