{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1770", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1770"}, {"name": "turba-contact-test-xss(45131)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45131"}, {"name": "34703", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34703"}, {"name": "[announce] 20081210 Turba 2.3.1 (final)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.horde.org/archives/announce/2008/000465.html"}, {"name": "31168", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31168"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/0809-exploits/turba-xss.txt"}, {"name": "SUSE-SR:2008:026", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4182", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1770", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1770"}, {"name": "turba-contact-test-xss(45131)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45131"}, {"name": "34703", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34703"}, {"name": "[announce] 20081210 Turba 2.3.1 (final)", "refsource": "MLIST", "url": "http://lists.horde.org/archives/announce/2008/000465.html"}, {"name": "31168", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31168"}, {"name": "http://packetstormsecurity.org/0809-exploits/turba-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/0809-exploits/turba-xss.txt"}, {"name": "SUSE-SR:2008:026", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:34.859Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1770", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1770"}, {"name": "turba-contact-test-xss(45131)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45131"}, {"name": "34703", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34703"}, {"name": "[announce] 20081210 Turba 2.3.1 (final)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.horde.org/archives/announce/2008/000465.html"}, {"name": "31168", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31168"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/0809-exploits/turba-xss.txt"}, {"name": "SUSE-SR:2008:026", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4182", "datePublished": "2008-09-23T15:00:00", "dateReserved": "2008-09-23T00:00:00", "dateUpdated": "2024-08-07T10:08:34.859Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:horde:turba_contact_manager_h3:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "49AE90C7-99D8-4763-B918-DEBDFC82DDB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:horde:turba_contact_manager_h3:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "44902F9E-9D4B-4318-96F1-0AAAC6D1CD16", "vulnerable": true}, {"criteria": "cpe:2.3:a:horde:turba_contact_manager_h3:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCE81A59-15B6-4E2A-B2B9-4F7FD8B2071C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados - XSS en imp/test.php para Horde Turba Contact Manager H3 2.2.1, y posiblemente otros productos Horde Project, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s del campo User en una sesi\u00f3n IMAP."}], "id": "CVE-2008-4182", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-09-23T15:25:42.907", "references": [{"source": "cve@mitre.org", "url": "http://lists.horde.org/archives/announce/2008/000465.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.org/0809-exploits/turba-xss.txt"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34703"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1770"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31168"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.horde.org/archives/announce/2008/000465.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.org/0809-exploits/turba-xss.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45131"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "imp: XSS attack", "id": "464210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464210"}, "csaw": false, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session."], "name": "CVE-2008-4182", "public_date": "2008-09-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-4182"], "threat_severity": "Moderate"}