CVE-2010-3695

Name: CVE-2010-3695
Description: Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2204-1
NVD severity: medium (attack range: remote, user-initiated)
Debian Bugs: 598584
Debian/oldstable: not vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| imp4 (PTS) | squeeze (security), squeeze | 4.3.7+debian0-2.2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| imp4 | source | (unstable) | 4.3.7+debian0-2.1 | low | | 598584 |
| imp4 | source | lenny | 4.2-4lenny3 | medium | DSA-2204-1 | |

Notes

http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
