CVE-2025-30349

HIGH7.2EPSS 40.3%

php-horde-imp - security update

發布日:2025/3/21修改日:2026/4/28

描述

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.

受影響套件(2)

Debian/php-horde-impfrom 0, < 6.2.27-2+deb11u1
Debian/php-horde-impfrom 0, < 6.2.27-2+deb11u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-30349