CVE-2007-1515

Published: 20 March 2007

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information.

Priority

Status

Package	Release	Status
imp4 Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	edgy	Ignored (end of life, was needed)
	feisty	Released (4.1.3-4)
	gutsy	Released (4.1.3-4)
	hardy	Released (4.1.3-4)
	intrepid	Released (4.1.3-4)
	jaunty	Released (4.1.3-4)
	karmic	Released (4.1.3-4)
	upstream	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2007-1515
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.