Multiple Cross-Site Scripting Vulnerabilities in Horde IMP and Groupware
CVE-2012-0791
Currently unrated
What is CVE-2012-0791?
Horde IMP and Horde Groupware Webmail Edition are susceptible to multiple Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities permit remote attackers to inject arbitrary web scripts or HTML content by manipulating specific parameters within the application. The affected parameters include composeCache, rtemode, and filename_* during the composition of messages, as well as formname for contacts in the popup window, and IMAP mailbox names. Exploitation of these vulnerabilities could lead to unauthorized actions on behalf of users or the exposure of sensitive data.
