Cross-Site Scripting Vulnerability in Horde Internet Mail Program and Groupware Webmail Edition
CVE-2012-5565
Currently unrated
What is CVE-2012-5565?
A cross-site scripting vulnerability exists in the js/compose-dimp.js file of the Horde Internet Mail Program (IMP) prior to version 5.0.24. This flaw allows remote attackers to inject arbitrary web scripts or HTML through specially crafted filenames for attached files. It is related to the dynamic view used in the Horde Groupware Webmail Edition prior to version 4.0.9, potentially compromising the security of users and enabling unauthorized actions.
