Cross-Site Scripting Vulnerability in Horde Application Framework and Groupware Products
CVE-2009-4363
Currently unrated
What is CVE-2009-4363?
The Horde Application Framework and Horde Groupware versions prior to their respective updates contain a vulnerability due to improper handling of data URIs in HTML email links. This flaw allows remote attackers to perform cross-site scripting (XSS) attacks by crafting malicious data:text/html HREF attributes within A elements. The impact can lead to compromised user sessions or exposure of sensitive information. It is important for users to upgrade to the latest versions to mitigate the risks associated with this vulnerability.
