CVE-2005-3352 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352): Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
Dupe.
*** This bug has been marked as a duplicate of bug 202327 ***