DSA-1770-1 imp4 -- Insufficient input sanitising
ID: oval:org.secpod.oval:def:600274 | Date: (C)2011-05-13 (M)2022-10-10
Class: PATCH | Family: unix
Several vulnerabilities have been found in imp4, a webmail component for the Horde framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-4182: It was discovered that imp4 suffers from a cross-site scripting attack via the user field in an IMAP session, which allows attackers to inject arbitrary HTML code.

CVE-2009-0930: It was discovered that imp4 is prone to several cross-site scripting attacks via several vectors in the mail code, allowing attackers to inject arbitrary HTML code.

For the oldstable distribution, these problems have been fixed in version 4.1.3-4etch1.

For the stable distribution, these problems have been fixed in version 4.2-4, which was already included in the lenny release.

For the testing distribution and the unstable distribution, these problems have been fixed in version 4.2-4.

We recommend that you upgrade your imp4 packages.