Cross-Site Scripting Vulnerabilities in Horde Groupware by Horde
CVE-2008-2783

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
19 June 2008

What is CVE-2008-2783?

Horde Groupware, including the Webmail Edition and Kronolith, is susceptible to multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can exploit these flaws to inject arbitrary web scripts or HTML via specific parameters in the requests to files such as week.php, workweek.php, and day.php, as well as through the horde parameter in the URI's PATH_INFO. As a result, this can compromise the integrity of user sessions and expose sensitive information.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.