CVE-2010-3695

NameCVE-2010-3695
DescriptionCross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2204-1
NVD severitymedium
Debian Bugs598584

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
imp4sourcelenny4.2-4lenny3DSA-2204-1
imp4source(unstable)4.3.7+debian0-2.1low598584

Notes

http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html

Search for package or bug name: Reporting problems