Detections
Analytics

CVE-2010-3693

medium

Description

Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/62080

http://www.vupen.com/english/advisories/2010/2522

http://www.osvdb.org/68267

http://secunia.com/advisories/41639

http://openwall.com/lists/oss-security/2010/10/01/6

http://openwall.com/lists/oss-security/2010/09/30/8

http://lists.horde.org/archives/announce/2010/000568.html

http://lists.horde.org/archives/announce/2010/000561.html

http://git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d

http://git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h

http://cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h

http://bugs.horde.org/ticket/9240

Details

Source: Mitre, NVD

Published: 2011-04-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00684