Cross-Site Scripting Vulnerability in Horde Application Framework and Groupware Products
CVE-2009-4363

Currently unrated

Key Information:

Vendor: Horde

CVE Published: 21 December 2009

What is CVE-2009-4363?

Versions of the Horde Application Framework and Horde Groupware prior to their respective updates contain a vulnerability caused by improper handling of data URIs in HTML email links. The flaw allows remote attackers to perform cross-site scripting (XSS) attacks by placing a crafted data:text/html value in the HREF attribute of an A element. The impact can include compromised user sessions or exposure of sensitive information. Users should upgrade to the latest versions to mitigate the risk.
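The missing check is a scheme allowlist on A/HREF values in rendered HTML mail. The following is an added example, not Horde's code: the names `href_is_safe`, `LinkFilter` and `filter_links`, the allowed schemes and the sample message are assumptions made for illustration, and it covers only the link check, not full HTML sanitization.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https", "mailto"}   # assumed policy for mail links
C0_AND_SPACE = "".join(map(chr, range(0x21)))   # trimmed by browsers at URL start
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")

def href_is_safe(value):
    """Allow scheme-less (relative/fragment) URLs and allowlisted schemes only."""
    if value is None:
        return False
    # Browsers ignore tab/CR/LF inside a URL, so remove them before matching.
    url = re.sub(r"[\t\r\n]", "", value).lstrip(C0_AND_SPACE)
    m = SCHEME_RE.match(url)
    return m is None or m.group(1).lower() in ALLOWED_SCHEMES

class LinkFilter(HTMLParser):
    """Re-emits markup, dropping unsafe HREFs on A elements. Not a full sanitizer."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.dropped = [], []

    def _tag(self, tag, attrs, end=""):
        parts = [tag]
        for name, value in attrs:   # values arrive entity-decoded from the parser
            if tag == "a" and name == "href" and not href_is_safe(value):
                self.dropped.append(value)
                continue
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + end + ">")

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def filter_links(html_text):
    f = LinkFilter()
    f.feed(html_text)
    f.close()
    return "".join(f.out), f.dropped

# Constructed sample message body (payloads are inert placeholders).
SAMPLE = ('<p>Hi <a href="https://example.org/a?x=1&amp;y=2">ok</a> '
          '<a href=" DaTa:text/html,placeholder">x</a> '
          '<a href="da&#9;ta:text/html,placeholder">y</a></p>')
```

The check runs on the entity-decoded, whitespace-normalized value, so mixed case, leading spaces and an encoded tab inside the scheme are all caught; logging `dropped` gives a detection signal for messages that carried such links.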

Timeline

  • Vulnerability Reserved

  • Vulnerability published
