wstuermer
Active Member
Dear Plesk user,
a new vulnerability was added to our database:
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde/IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.[/CODE]This affects Horde/IMP in Plesk up to version 10.0.1. Plesk 10.1.1 contains Horde/IMP 4.3.9 and should not be affected.
For further details see
CVE-2010-3695
Best regards,
Plesk Security Announcements Team
a new vulnerability was added to our database:
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde/IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.[/CODE]This affects Horde/IMP in Plesk up to version 10.0.1. Plesk 10.1.1 contains Horde/IMP 4.3.9 and should not be affected.
For further details see
CVE-2010-3695
Best regards,
Plesk Security Announcements Team
Last edited by a moderator: