← Back

CVE-2005-4080

nvd nist
Published: Dec 8, 2005Modified: Apr 16, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

Affected (25)

Products: Horde: Imp
Horde
1 product
Imp
Configuration A
25 vulnerable
Vulnerable SoftwareAffected Versions
Horde
Imp
Version 2.0
Imp
Version 2.2.1
Imp
Version 2.2.2
Imp
Version 2.2.3
Imp
Version 2.2.4
Imp
Version 2.2.5
Imp
Version 2.2.6
Imp
Version 2.2.7
Imp
Version 2.2.8
Imp
Version 2.2
Imp
Version 2.3
Imp
Version 3.0
Imp
Version 3.1.2
Imp
Version 3.1
Imp
Version 3.2.1
Imp
Version 3.2.2
Imp
Version 3.2.3
Imp
Version 3.2.4
Imp
Version 3.2.5
Imp
Version 3.2
Imp
Version 4.0.1
Imp
Version 4.0.2
Imp
Version 4.0.3
Imp
Version 4.0.4
Imp
Version 4.0

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.