XSS Vulnerability in Horde Internet Mail Program Affecting Horde Groupware Webmail Edition
CVE-2012-6640

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
5 April 2014

What is CVE-2012-6640?

A cross-site scripting (XSS) vulnerability exists in the Horde Internet Mail Program (IMP) prior to version 5.0.22, as utilized in the Horde Groupware Webmail Edition before version 4.0.9. This vulnerability enables remote attackers to exploit the system by injecting arbitrary web script or HTML through a specially crafted SVG image attachment. This poses a significant security risk as it can lead to unauthorized access and manipulation of user sessions or data.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.