Security Advisory

CVE-2005-4080

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2005-12-08 01:00:00

Last updated 2024-08-07 23:31:49

Assigner mitre

State PUBLISHED

Description

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

← Browse all CVEs View on cve.org ↗