Imp: Security Vulnerabilities
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
CVSS Score
7.5
EPSS Score
0.077
Published
2001-12-06
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.
CVSS Score
2.1
EPSS Score
0.001
Published
2000-04-22
IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.
CVSS Score
5.0
EPSS Score
0.004
Published
2000-04-22