Cross-Site Scripting Vulnerabilities in Horde Internet Mail Program
CVE-2014-4945

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
14 July 2014

What is CVE-2014-4945?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Horde Internet Mail Program (IMP) prior to version 6.1.8, as well as in Horde Groupware Webmail Edition before version 5.1.5. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into the application via unspecified flags in the mailbox and message view interfaces. This can compromise user data and allow unauthorized actions to be executed in the context of the affected users.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.