CVE-2012-6640

Published: 5 April 2014

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.

Priority

Status

Package	Release	Status
horde3 Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Ignored (end of life)
	quantal	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Does not exist
	upstream	Released (5.0.22)
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

References

https://github.com/horde/horde/commit/08c699f744b6d2be1a5f3a2ba7203f4631b4c5dc
http://lists.horde.org/archives/announce/2012/000840.html
http://lists.horde.org/archives/announce/2012/000775.html
https://www.cve.org/CVERecord?id=CVE-2012-6640
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.