[imp] JS injection in Horde IMP 2.2.7

Chuck Hagenbuch chuck@horde.org
Thu, 22 Aug 2002 09:32:58 -0400


Quoting datan@seas.upenn.edu:

> So it is possible that imp running on unpatched php 3.0.16 will be
> vulnerable even if 2.2.8 or 3.0+ ?

Sure, but PHP 3.0.16 is probably vulnerable to a million other things right 
now - it's not even the latest release of PHP3, let alone the latest stable 
PHP release!

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"After a few minutes the most aromatic and nice smelling Italian coffee 
 will come out of the exhaustpipe." - Our stove-top espresso pot