CVE-2006-4255

Published: Aug 21, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.

Affected (38)

Products: Horde: Horde, Imp

Horde

2 products

Horde

Imp

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Horde Horde	Version 3.0.1
Horde Horde	Version 3.0.2
Horde Horde	Version 3.0.3
Horde Horde	Version 3.0.4
Horde Horde	Version 3.0.4_rc1
Horde Horde	Version 3.0.4_rc2
Horde Horde	Version 3.0.6
Horde Horde	Version 3.0.7
Horde Horde	Version 3.0.8
Horde Horde	Version 3.0.9
Horde Horde	Version 3.0
Horde Horde	Version 3.1.1
Horde Horde	Version 3.1
Horde Imp	Version 2.0
Horde Imp	Version 2.2.1
Horde Imp	Version 2.2.2
Horde Imp	Version 2.2.3
Horde Imp	Version 2.2.4
Horde Imp	Version 2.2.5
Horde Imp	Version 2.2.6
Horde Imp	Version 2.2.7
Horde Imp	Version 2.2.8
Horde Imp	Version 2.2
Horde Imp	Version 2.3
Horde Imp	Version 3.0
Horde Imp	Version 3.1.2
Horde Imp	Version 3.1
Horde Imp	Version 3.2.1
Horde Imp	Version 3.2.2
Horde Imp	Version 3.2.3
Horde Imp	Version 3.2.4
Horde Imp	Version 3.2.5
Horde Imp	Version 3.2
Horde Imp	Version 4.0.1
Horde Imp	Version 4.0.2
Horde Imp	Version 4.0.3
Horde Imp	Version 4.0.4
Horde Imp	Version 4.0