wstuermer
Active Member
Dear Plesk user,
a new vulnerability was added to our database:
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde/IMP before 4.3.8 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action.
This is a different issue than CVE-2010-3695, which was added to our database a few days ago.
This affects Plesk up to version 10.0.1. Newer versions include Horde/IMP 4.3.9 and are not affected.
For further details see CVE-2010-4778
Best regards,
Plesk Security Announcements Team
a new vulnerability was added to our database:
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde/IMP before 4.3.8 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action.
This is a different issue than CVE-2010-3695, which was added to our database a few days ago.
This affects Plesk up to version 10.0.1. Newer versions include Horde/IMP 4.3.9 and are not affected.
For further details see CVE-2010-4778
Best regards,
Plesk Security Announcements Team