Cross-Site Scripting Vulnerabilities in Horde Internet Mail Program
CVE-2014-4945
Currently unrated
What is CVE-2014-4945?
Multiple cross-site scripting (XSS) vulnerabilities exist in the Horde Internet Mail Program (IMP) prior to version 6.1.8, as well as in Horde Groupware Webmail Edition before version 5.1.5. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into the application via unspecified flags in the mailbox and message view interfaces. This can compromise user data and allow unauthorized actions to be executed in the context of the affected users.
