IMP Content-Type Header XSS

This script is Copyright (C) 2004-2015 George A. Theall

Synopsis :

The remote web server is hosting a PHP application that is affected by
a cross-site scripting vulnerability.

Description :

The remote server is running at least one instance of IMP whose
version number is between 2.0 and 3.2.3 inclusive. Such versions are
vulnerable to a cross-site scripting attack whereby an attacker may be
able to cause a victim to unknowingly run arbitrary JavaScript code
simply by reading a MIME message with a specially crafted Content-Type

Note : Nessus has determined the vulnerability exists on the target
simply by looking at the version number of IMP installed there; it has
not attempted to actually exploit the vulnerability.

Solution :

Upgrade to IMP version 3.2.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 12263 (imp_content_type_xss.nasl)

Bugtraq ID: 10501

CVE ID: CVE-2004-0584
