Cross-Site Scripting Vulnerabilities in Horde Internet Mail Program
CVE-2014-4946
Currently unrated
What is CVE-2014-4946?
Multiple cross-site scripting (XSS) vulnerabilities exist in the Horde Internet Mail Program (IMP) prior to version 6.1.8 and in Horde Groupware Webmail Edition prior to version 5.1.5. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML by manipulating certain flags or mailbox names within the dynamic mailbox view. Such vulnerabilities can lead to unauthorized actions on behalf of users and compromise the integrity of web-based communication.
