Cross-Site Scripting Vulnerabilities in Horde Groupware by Horde
CVE-2008-2783
Currently unrated
What is CVE-2008-2783?
Horde Groupware, including the Webmail Edition and Kronolith, is susceptible to multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can exploit these flaws to inject arbitrary web scripts or HTML via specific parameters in the requests to files such as week.php, workweek.php, and day.php, as well as through the horde parameter in the URI's PATH_INFO. As a result, this can compromise the integrity of user sessions and expose sensitive information.
