Cross-Site Scripting Vulnerability in Horde Groupware Webmail Edition by Horde
CVE-2012-0909

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
24 January 2012

What is CVE-2012-0909?

A cross-site scripting (XSS) vulnerability exists in Horde_Form component of Horde Groupware Webmail Edition prior to version 4.0.6. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application via unspecified vectors, particularly related to email verification processes. Successful exploitation may lead to unauthorized actions and data exposure in user accounts.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.