CVE-2012-0791 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-0791 Interim 1 9 2023-02-15T02:21:42Z current 2021-05-30T13:02:06Z 2023-02-15T02:21:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-0791 Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2012-02/msg00018.html E-Mail link for openSUSE-SU-2012:0287-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed horde5-imp-6.2.5-1.2 horde5-imp-6.2.5-1.2 as a component of openSUSE Tumbleweed Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. CVE-2012-0791 openSUSE Tumbleweed:horde5-imp-6.2.5-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N