Multiple XSS Vulnerabilities in Horde IMP and Groupware Webmail Edition
CVE-2010-4778

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
4 April 2011

What is CVE-2010-4778?

Horde IMP and Horde Groupware Webmail Edition are susceptible to multiple XSS vulnerabilities through the fetchmailprefs.php script. These vulnerabilities occur when users can inject arbitrary web scripts or HTML into the fields for username, password, and server during the fetchmail_prefs_save action. This exploit could allow remote attackers to execute malicious scripts within the context of a user's session, potentially compromising sensitive data and user authentication.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.