Cross-Site Scripting Vulnerability in Horde IMP Email Client
CVE-2006-4255

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
21 August 2006

What is CVE-2006-4255?

The vulnerability in the Horde IMP email client allows remote attackers to exploit Cross-Site Scripting (XSS) by injecting arbitrary web scripts or HTML into the vfolder_label form field within the search interface. This can be done through various unspecified vectors related to folder names, posing a significant security risk to users and systems relying on this application. Users of Horde IMP versions prior to 4.1.3 are particularly susceptible and should take immediate measures to upgrade to mitigate this risk.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.