Vulnerability : Insufficient input sanitising Problem type : remote Debian-specific: no CVE Ids : CVE-2008-4182 CVE-2009-0930 Debian Bugs : 500114 500553 513266
Several vulnerabilities have been found in imp4, a webmail component for the horde framework. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-4182
It was discovered that imp4 suffers from a cross-site scripting (XSS) attack via the user field in an IMAP session, which allows attackers to inject arbitrary HTML code.
CVE-2009-0930
It was discovered that imp4 is prone to several cross-site scripting (XSS) attacks via several vectors in the mail code allowing attackers to inject arbitrary HTML code.
4.1.3-4etch1