cvelistv5 - cve-2008-3823

CVE-2008-3823 (GCVE-0-2008-3823)

Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:53

Summary

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/31842	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1642	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2008/2548	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/31959	third-party-advisoryx_refsource_SECUNIA
	http://ocert.org/patches/2008-012/MIME.patch	x_refsource_MISC
	http://marc.info/?l=horde-announce&m=122104360019…	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/31110	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/496182/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/4245	third-party-advisoryx_refsource_SREASON
	http://www.openwall.com/lists/oss-security/2008/09/10/1	mailing-listx_refsource_MLIST
	http://www.ocert.org/advisories/ocert-2008-012.html	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "horde-mime-xss(45030)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
          },
          {
            "name": "31842",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31842"
          },
          {
            "name": "DSA-1642",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1642"
          },
          {
            "name": "ADV-2008-2548",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2548"
          },
          {
            "name": "31959",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31959"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ocert.org/patches/2008-012/MIME.patch"
          },
          {
            "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
          },
          {
            "name": "31110",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31110"
          },
          {
            "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
          },
          {
            "name": "4245",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4245"
          },
          {
            "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "horde-mime-xss(45030)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
        },
        {
          "name": "31842",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31842"
        },
        {
          "name": "DSA-1642",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1642"
        },
        {
          "name": "ADV-2008-2548",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2548"
        },
        {
          "name": "31959",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31959"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ocert.org/patches/2008-012/MIME.patch"
        },
        {
          "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
        },
        {
          "name": "31110",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31110"
        },
        {
          "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
        },
        {
          "name": "4245",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4245"
        },
        {
          "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3823",
    "datePublished": "2008-09-12T16:00:00",
    "dateReserved": "2008-08-27T00:00:00",
    "dateUpdated": "2024-08-07T09:53:00.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"457276C8-6665-48C5-948C-E65E6309C0ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:horde:horde:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49101F2D-3347-40BC-A1F6-AD95A8F2A013\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\\u00f3dulo MIME/MIME/Contents.php de la biblioteca MIME de Horde 3.2.x anterior a 3.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\\u00f3n utilizando el nombre del fichero adjunto en el mensaje MIME.\"}]",
      "id": "CVE-2008-3823",
      "lastModified": "2024-11-21T00:50:12.473",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-09-12T16:56:20.523",
      "references": "[{\"url\": \"http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://ocert.org/patches/2008-012/MIME.patch\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/31842\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31959\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securityreason.com/securityalert/4245\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1642\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2008-012.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/09/10/1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/496182/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/31110\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2548\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45030\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://ocert.org/patches/2008-012/MIME.patch\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/31842\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31959\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/4245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1642\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2008-012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/09/10/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/496182/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/31110\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2548\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3823\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-09-12T16:56:20.523\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo MIME/MIME/Contents.php de la biblioteca MIME de Horde 3.2.x anterior a 3.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n utilizando el nombre del fichero adjunto en el mensaje MIME.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"457276C8-6665-48C5-948C-E65E6309C0ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:horde:horde:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49101F2D-3347-40BC-A1F6-AD95A8F2A013\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://ocert.org/patches/2008-012/MIME.patch\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/31842\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31959\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/4245\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1642\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2008-012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/09/10/1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/496182/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/31110\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2548\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45030\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://ocert.org/patches/2008-012/MIME.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/31842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31959\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2008-012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/09/10/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/496182/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31110\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2548\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-3823

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3823

Aliases

CVE-2008-3823

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3823",
    "description": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.",
    "id": "GSD-2008-3823",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3823.html",
      "https://www.debian.org/security/2008/dsa-1642"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3823"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.",
      "id": "GSD-2008-3823",
      "modified": "2023-12-13T01:23:05.942301Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-3823",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
          },
          {
            "name": "http://secunia.com/advisories/31842",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31842"
          },
          {
            "name": "http://securityreason.com/securityalert/4245",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/4245"
          },
          {
            "name": "http://www.ocert.org/advisories/ocert-2008-012.html",
            "refsource": "MISC",
            "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2008/09/10/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/496182/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/2548",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/2548"
          },
          {
            "name": "http://ocert.org/patches/2008-012/MIME.patch",
            "refsource": "MISC",
            "url": "http://ocert.org/patches/2008-012/MIME.patch"
          },
          {
            "name": "http://secunia.com/advisories/31959",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31959"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1642",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1642"
          },
          {
            "name": "http://www.securityfocus.com/bid/31110",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/31110"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:horde:horde:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-3823"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ocert.org/patches/2008-012/MIME.patch",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://ocert.org/patches/2008-012/MIME.patch"
            },
            {
              "name": "31110",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/31110"
            },
            {
              "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
            },
            {
              "name": "31842",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31842"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2008-012.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
            },
            {
              "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
            },
            {
              "name": "31959",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31959"
            },
            {
              "name": "4245",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4245"
            },
            {
              "name": "DSA-1642",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1642"
            },
            {
              "name": "ADV-2008-2548",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2548"
            },
            {
              "name": "horde-mime-xss(45030)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
            },
            {
              "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:49Z",
      "publishedDate": "2008-09-12T16:56Z"
    }
  }
}

FKIE_CVE-2008-3823

Vulnerability from fkie_nvd - Published: 2008-09-12 16:56 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://marc.info/?l=horde-announce&m=122104360019867&w=2	Patch
secalert@redhat.com	http://ocert.org/patches/2008-012/MIME.patch	Patch
secalert@redhat.com	http://secunia.com/advisories/31842	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31959
secalert@redhat.com	http://securityreason.com/securityalert/4245
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1642
secalert@redhat.com	http://www.ocert.org/advisories/ocert-2008-012.html
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/09/10/1	Patch
secalert@redhat.com	http://www.securityfocus.com/archive/1/496182/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/31110	Exploit
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2548
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45030
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=horde-announce&m=122104360019867&w=2	Patch
af854a3a-2127-422b-91ae-364da2661108	http://ocert.org/patches/2008-012/MIME.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31842	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31959
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4245
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1642
af854a3a-2127-422b-91ae-364da2661108	http://www.ocert.org/advisories/ocert-2008-012.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/09/10/1	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/496182/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31110	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2548
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45030

Impacted products

	Vendor	Product	Version
	horde	horde	3.2
	horde	horde	3.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:horde:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "457276C8-6665-48C5-948C-E65E6309C0ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49101F2D-3347-40BC-A1F6-AD95A8F2A013",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo MIME/MIME/Contents.php de la biblioteca MIME de Horde 3.2.x anterior a 3.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n utilizando el nombre del fichero adjunto en el mensaje MIME."
    }
  ],
  "id": "CVE-2008-3823",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-12T16:56:20.523",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://ocert.org/patches/2008-012/MIME.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31842"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/4245"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1642"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31110"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2548"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ocert.org/patches/2008-012/MIME.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-458

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités sont présentes dans les produits Horde et permettent à un utilisateur distant malintentionné de réaliser des attaques de type « injection de code indirecte » (cross-site scripting).

Description

Deux vulnérabilités sont présentes dans plusieurs produits Horde comme Groupeware, Groupeware Webmail Edition et Application Framework. Ces vulnérabilités sont relatives à la mise en œuvre d'extensions MIME ou bien à la gestion de certains caractères d'échappement. Elles permettent à un utilisateur distant malintentionné de réaliser des attaques de type « injection de code indirecte » (cross-site scripting).

Contournement provisoire

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Horde	N/A	Horde Application Framework versions 3.2.2 et antérieures.
Horde	N/A	Horde Groupeware Webmail Edition versions 1.0.7 et antérieures ;
Horde	N/A	Horde Application Framework versions 3.1.8 et antérieures ;
Horde	N/A	Horde Groupeware Webmail Edition versions 1.1.2 et antérieures ;
Horde	N/A	Horde Groupeware versions 1.0.6 et antérieures ;
Horde	N/A	Horde Groupeware versions 1.1.2 et antérieures ;

References

Title

Publication Time

Tags

Bulletins de sécurité Horde	None	vendor-advisory
Bulletin de sécurité de l'oCERT :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Horde Application Framework versions 3.2.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware Webmail Edition versions 1.0.7 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Application Framework versions 3.1.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware Webmail Edition versions 1.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware versions 1.0.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware versions 1.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans plusieurs produits Horde comme\nGroupeware, Groupeware Webmail Edition et Application Framework. Ces\nvuln\u00e9rabilit\u00e9s sont relatives \u00e0 la mise en \u0153uvre d\u0027extensions MIME ou\nbien \u00e0 la gestion de certains caract\u00e8res d\u0027\u00e9chappement. Elles permettent\n\u00e0 un utilisateur distant malintentionn\u00e9 de r\u00e9aliser des attaques de type\n\u00ab injection de code indirecte \u00bb (cross-site scripting).\n\n## Contournement provisoire\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3823"
    },
    {
      "name": "CVE-2008-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3824"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de l\u0027oCERT :",
      "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
    }
  ],
  "reference": "CERTA-2008-AVI-458",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les produits Horde et\npermettent \u00e0 un utilisateur distant malintentionn\u00e9 de r\u00e9aliser des\nattaques de type \u00ab injection de code indirecte \u00bb (\u003cspan\nclass=\"textit\"\u003ecross-site scripting\u003c/span\u003e).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Horde",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Horde",
      "url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
    }
  ]
}

CERTA-2008-AVI-458

Vulnerability from certfr_avis - Published: - Updated:

Description

Contournement provisoire

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Horde	N/A	Horde Application Framework versions 3.2.2 et antérieures.
Horde	N/A	Horde Groupeware Webmail Edition versions 1.0.7 et antérieures ;
Horde	N/A	Horde Application Framework versions 3.1.8 et antérieures ;
Horde	N/A	Horde Groupeware Webmail Edition versions 1.1.2 et antérieures ;
Horde	N/A	Horde Groupeware versions 1.0.6 et antérieures ;
Horde	N/A	Horde Groupeware versions 1.1.2 et antérieures ;

References

Title

Publication Time

Tags

Bulletins de sécurité Horde	None	vendor-advisory
Bulletin de sécurité de l'oCERT :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Horde Application Framework versions 3.2.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware Webmail Edition versions 1.0.7 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Application Framework versions 3.1.8 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware Webmail Edition versions 1.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware versions 1.0.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupeware versions 1.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans plusieurs produits Horde comme\nGroupeware, Groupeware Webmail Edition et Application Framework. Ces\nvuln\u00e9rabilit\u00e9s sont relatives \u00e0 la mise en \u0153uvre d\u0027extensions MIME ou\nbien \u00e0 la gestion de certains caract\u00e8res d\u0027\u00e9chappement. Elles permettent\n\u00e0 un utilisateur distant malintentionn\u00e9 de r\u00e9aliser des attaques de type\n\u00ab injection de code indirecte \u00bb (cross-site scripting).\n\n## Contournement provisoire\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3823"
    },
    {
      "name": "CVE-2008-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3824"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de l\u0027oCERT :",
      "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
    }
  ],
  "reference": "CERTA-2008-AVI-458",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les produits Horde et\npermettent \u00e0 un utilisateur distant malintentionn\u00e9 de r\u00e9aliser des\nattaques de type \u00ab injection de code indirecte \u00bb (\u003cspan\nclass=\"textit\"\u003ecross-site scripting\u003c/span\u003e).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Horde",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Horde",
      "url": "http://marc.info/?l=horde-announce\u0026m=122103888111491\u0026w=2"
    }
  ]
}

GHSA-2RW3-M7RG-9XCH

Vulnerability from github – Published: 2022-05-02 00:03 – Updated: 2022-05-02 00:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-12T16:56:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.",
  "id": "GHSA-2rw3-m7rg-9xch",
  "modified": "2022-05-02T00:03:54Z",
  "published": "2022-05-02T00:03:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3823"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=horde-announce\u0026m=122104360019867\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://ocert.org/patches/2008-012/MIME.patch"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31842"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31959"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4245"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1642"
    },
    {
      "type": "WEB",
      "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31110"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2548"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3823 (GCVE-0-2008-3823)

GSD-2008-3823

FKIE_CVE-2008-3823

CERTA-2008-AVI-458

Description

Contournement provisoire

Solution

CERTA-2008-AVI-458

Description

Contournement provisoire

Solution

GHSA-2RW3-M7RG-9XCH

Tags

Sightings

Nomenclature