Bug 490928 (CVE-2009-0930) - CVE-2009-0930 imp: multiple XSS vulnerabilities
Summary: CVE-2009-0930 imp: multiple XSS vulnerabilities
Alias: CVE-2009-0930
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: impact=moderate,source=cve,reported=2...
Depends On: 544430
TreeView+ depends on / blocked
Reported: 2009-03-18 15:43 UTC by Vincent Danen
Modified: 2019-06-08 12:43 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-04-02 10:44:25 UTC

Attachments (Terms of Use)

Comment 1 Vincent Danen 2009-03-18 15:45:40 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0930 to
the following vulnerability:

Name: CVE-2009-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0930
Assigned: 20090317
Reference: MLIST:[announce] 20090127 IMP 4.2.2 (final)
Reference: URL: http://lists.horde.org/archives/announce/2009/000484.html
Reference: MLIST:[announce] 20090127 IMP 4.3.3 (final)
Reference: URL: http://lists.horde.org/archives/announce/2009/000485.html
CONFIRM: http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.301.2.3
Reference: CONFIRM: http://cvs.horde.org/co.php/imp/docs/CHANGES?r=1.699.2.375
Reference: BID:33492
Reference: URL: http://www.securityfocus.com/bid/33492
Reference: SECUNIA:33719
Reference: URL: http://secunia.com/advisories/33719

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP
before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php,
and (3) message.php.

Comment 3 Vincent Danen 2009-12-04 21:06:41 UTC
Fedora 12 contains 4.3.4, so has this fix.  Fedora 10 and 11 contain 4.2 and are still vulnerable to this issue.

Comment 5 Fedora Update System 2010-03-29 18:42:22 UTC
imp-4.3.6-1.fc11 has been submitted as an update for Fedora 11.

Comment 6 Fedora Update System 2010-04-01 01:45:57 UTC
imp-4.3.6-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.