Imp CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2005-4080	1 Horde	1 Imp	2025-04-03	N/A
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
CVE-2000-0911	1 Horde	1 Imp	2025-04-03	N/A
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

« first previous Page 2 of 2.