Vulnerability ID 5395

Horde IMP up to 5.0.20 cross site scripting

Horde
CVSSv3 Temp ScoreCurrent Exploit Price (≈)
8.4$0-$1k

A vulnerability has been found in Horde IMP up to 5.0.20 and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a cross site scripting vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was published 05/09/2012 as confirmed knowledge base article (Website). The advisory is shared for download at lists.horde.org. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 5.0.21 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at Secunia (SA49042) and SecurityTracker (ID 1027051).

CVSSv3

Base Score: 8.8 [?]
Temp Score: 8.4 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C [?]
Reliability: High

CVSSv2

Base Score: 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C) [?]
Temp Score: 8.7 (CVSS2#E:ND/RL:OF/RC:C) [?]
Reliability: High

AVACAuCIA
LHMNNN
AMSPPP
NLNCCC
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Cross site scripting
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $1k-$2k (0-day) / $0-$1k (Today)

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k

Countermeasures

Recommended: Upgrade
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Upgrade: IMP 5.0.21
Patch: github.com

Timeline

05/09/2012 Advisory disclosed
05/09/2012 +0 days Countermeasure disclosed
05/09/2012 +0 days OSVDB entry created
05/09/2012 +0 days SecurityTracker entry created
05/15/2012 +6 days VulDB entry created
12/07/2015 +1301 days VulDB entry updated

Sources

Advisory: lists.horde.org
Status: Confirmed
Secunia: 49042 - Horde IMP Multiple Cross-Site Scripting Vulnerabilities, Less Critical
SecurityTracker: 1027051 - Horde Internet Messaging Program (IMP) Input Validation Flaws Permit Cross-Site Scripting Attacks
OSVDB: 81786 - Horde IMP Multiple Page Unspecified XSS

Entry

Created: 05/15/2012
Updated: 12/07/2015
Entry: 79.8% complete