Cross-Site Scripting Vulnerabilities in Horde IMP Webmail Client
CVE-2007-1515

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
20 March 2007

What is CVE-2007-1515?

Horde IMP Webmail Client versions 4.1.3 and earlier are susceptible to multiple cross-site scripting vulnerabilities. Attackers can exploit these vulnerabilities to inject arbitrary web scripts or HTML into email communications through various parameters, such as the Subject header and the edit_query parameter in search.php. This exploitation could potentially allow unauthorized actions to be performed in the context of the affected user, leading to data leakage and other security concerns.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.