Cross-site Scripting Vulnerability in Horde Framework by Horde Group
CVE-2007-1473
Currently unrated
What is CVE-2007-1473?
A Cross-site Scripting vulnerability exists in the login page of Horde Framework, specifically in the NLS.php file, prior to version 3.1.4 RC1. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'new_lang' parameter of 'login.php'. Attackers may exploit this vulnerability to execute malicious scripts in the context of the victim's session, leading to potential data theft or unauthorized actions. Security updates addressing this issue are critical for protecting user data and maintaining application integrity.
