Summary
The target is running at least one instance of IMP whose version number is between 3.0 and 3.2.5 inclusive. Such versions are vulnerable to several XSS attacks when viewing HTML messages with the HTML MIME viewer and certain browsers. For additional information, see the 3.2.6 release announcement:
http://lists.horde.org/archives/imp/Week-of-Mon-20040920/039246.html
Note: OVS has determined the vulnerability exists on the target simply by looking at the version number of IMP installed there.
Solution
Upgrade to IMP version 3.2.6 or later.
Severity
Classification
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Ampache Reflected Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities