Detections
Analytics
Horde IMP status.php3 script Parameter XSS
medium Nessus Plugin ID 15616
Language:
Synopsis
The remote web server is running a PHP application that is affected by a cross-site scripting vulnerability.Description
The remote host is running at least one instance of Horde IMP in which the 'status.php3' script is vulnerable to a cross-site scripting attack since information passed to it is not properly sanitized.Solution
Upgrade to IMP version 2.2.8 or later.See Also
Plugin Details
Severity: Medium
ID: 15616
File Name: imp_status_xss.nasl
Version: 1.23
Type: remote
Family: CGI abuses : XSS
Published: 11/3/2004
Updated: 8/15/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.7
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:horde:imp
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 4/9/2004
Reference Information
CVE: CVE-2002-0181
BID: 4444