[SECURITY] Cross Site Scripting vulnerability in Horde/IMP

wstuermer

Blog Benutzer
Dear Plesk user,

a new vulnerability was added to our database:

Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde/IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.[/CODE]This affects Horde/IMP in Plesk up to version 10.0.1. Plesk 10.1.1 contains Horde/IMP 4.3.9 and should not be affected.

For further details see
CVE-2010-3695


Best regards,
Plesk Security Announcements Team
 
Last edited by a moderator:
Top