UBUNTU-CVE-2014-4946

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2014-4946

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4946.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-4946

Upstream

CVE-2014-4946

Published

2014-07-14T14:55:00Z

Modified

2025-07-16T07:32:05.049626Z

Severity

Ubuntu - medium

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.

References

Affected packages

Ubuntu:16.04:LTS / php-horde-imp

Package

Name: php-horde-imp
Purl: pkg:deb/ubuntu/php-horde-imp@6.2.12-1ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.12-1ubuntu1

Affected versions

6.*

6.2.10-1

6.2.11-1

6.2.12-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "php-horde-imp",
            "binary_version": "6.2.12-1ubuntu1"
        }
    ]
}