Vulnerabilities

CVE-2005-4080

by Fred · 07/12/2005

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

Date published : 2005-12-07

http://www.securityfocus.com/bid/15730/

http://www.securityfocus.com/archive/1/418734/100/0/threaded

Similar

Tags: Cybersecurity Alert