CVE-2007-1515

Publication date 20 March 2007

Last updated 17 July 2025

Ubuntu priority

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
imp4	9.10 karmic	Fixed 4.1.3-4
	9.04 jaunty	Fixed 4.1.3-4
	8.10 intrepid	Fixed 4.1.3-4
	8.04 LTS hardy	Fixed 4.1.3-4
	7.10 gutsy	Fixed 4.1.3-4
	7.04 feisty	Fixed 4.1.3-4
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-1515

CVE-2007-1515

Description

Status

References

Other references

Access our resources on patching vulnerabilities