Cross-site scripting vulnerability in Horde/IMP 2.2.7 and 3.0
| Package(s): | imp horde/imp | CVE #(s): | |||||||||
| Created: | May 21, 2002 | Updated: | June 19, 2002 | ||||||||
| Description: | Version 2.2.8 of IMP has been released, it
fixes some vulnerabilities. "The Horde team announces the
availability of IMP 2.2.8, which prevents some potential cross-site
scripting (CSS) attacks." Upgrading
to IMP 3.1 or, at least, 2.2.8 is recommended
(First LWN
report: April 11, 2002).
Update: IMP 3.0, which was initially believed to be immune, is also vulnerable. The problem is fixed in IMP 3.1. | ||||||||||
| Alerts: |
| ||||||||||
Posted Jun 20, 2002 17:01 UTC (Thu)
by bjn (guest, #2179)
[Link]
The "initially believed to be immune" part isn't accurate; we new 3.0 was vulnerable, but decided to fix it in 3.1.
Cross-site scripting vulnerability in Horde/IMP 2.2.7 and 3.0