[SECURITY] multiple Cross Site Scripting vulnerabilities in Horde/IMP


Blog Benutzer
Dear Plesk user,

a new vulnerability was added to our database:

Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde/IMP before 4.3.8 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action.

This is a different issue than CVE-2010-3695, which was added to our database a few days ago.

This affects Plesk up to version 10.0.1. Newer versions include Horde/IMP 4.3.9 and are not affected.

For further details see CVE-2010-4778

Best regards,
Plesk Security Announcements Team