Unrated severityNVD Advisory· Published Jan 24, 2012· Updated Apr 29, 2026
CVE-2012-0791
CVE-2012-0791
Description
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
Affected products
128cpe:2.3:a:horde:dynamic_imp:*:*:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:horde:dynamic_imp:*:*:*:*:*:*:*:*range: <=5.0.17
- cpe:2.3:a:horde:dynamic_imp:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:dynamic_imp:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware_webmail_edition:*:*:*:*:*:*:*:*+ 42 more
- cpe:2.3:a:horde:groupware_webmail_edition:*:*:*:*:*:*:*:*range: <=4.0.5
- cpe:2.3:a:horde:groupware_webmail_edition:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware_webmail_edition:4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*+ 52 more
- cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:3.2.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:4.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0.4-git:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:5.0:rc2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- secunia.com/advisories/47580nvdVendor Advisory
- secunia.com/advisories/47592nvdVendor Advisory
- www.debian.org/security/2012/dsa-2485nvd
- www.horde.org/apps/imp/docs/CHANGESnvd
- www.horde.org/apps/imp/docs/RELEASE_NOTESnvd
- www.horde.org/apps/webmail/docs/CHANGESnvd
- www.horde.org/apps/webmail/docs/RELEASE_NOTESnvd
- www.openwall.com/lists/oss-security/2012/01/22/2nvd
- www.securityfocus.com/bid/51586nvd
- www.securitytracker.com/idnvd
- www.securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.