CVE-2007-1515

{"id": "CVE-2007-1515", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-20T10:19:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052977.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.horde.org/archives/announce/2007/000316.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24541", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/462914/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22975", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017774", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0964", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde IMP H3 4.1.3 y, posiblemente, versiones anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) la cabecera del Subject de los email en el thread.php,(2) el par\u00e1metro edit_query del search.php u otros par\u00e1metros sin especificar en el search.php. NOTA: algunos de los detalles se obtienen a partir de la informaci\u00f3n de terceros."}], "lastModified": "2018-10-16T16:38:52.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:horde:imp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50BC1694-27D6-4278-BC35-02D1ADC88D89", "versionEndIncluding": "4.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}