IMP HTML MIME Viewer XSS Vulnerabilities Network Vulnerability

Summary

The target is running at least one instance of IMP whose version number is between 3.0 and 3.2.5 inclusive. Such versions are vulnerable to several XSS attacks when viewing HTML messages with the HTML MIME viewer and certain browsers. For additional information, see the 3.2.6 release announcement: http://lists.horde.org/archives/imp/Week-of-Mon-20040920/039246.html ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number of IMP installed there.

Solution

Upgrade to IMP version 3.2.6 or later.

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

An Image Gallery Multiple Cross-Site Scripting Vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Struts Cross Site Scripting Vulnerability
Apache Subversion Module Metadata Accessible

Take action and discover your vulnerabilities