Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-08T01:00:00

Updated: 2024-08-07T23:31:49.088Z

Reserved: 2005-12-08T00:00:00

Link: CVE-2005-4080

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-12-08T01:03:00.000

Modified: 2018-10-19T15:40:04.767

Link: CVE-2005-4080

cve-icon Redhat

No data.