CVE Vulnerability

CVE-2007-1679

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.securityfocus.com/bid/23136
http://securityreason.com/securityalert/2487
https://exchange.xforce.ibmcloud.com/vulnerabilities/33228
http://www.securityfocus.com/archive/1/463911/100/0/threaded
http://www.securityfocus.com/archive/1/463819/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*
Information

Published : 2007-03-26 11:19

Updated : 2019-06-18 04:33

NVD link : CVE-2007-1679

Mitre link : CVE-2007-1679

Products Affected
No products.
CWE
NVD-CWE-Other