Cross-Site Scripting Vulnerabilities in Horde Internet Mail Program
CVE-2014-4946

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
14 July 2014

What is CVE-2014-4946?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Horde Internet Mail Program (IMP) prior to version 6.1.8 and in Horde Groupware Webmail Edition prior to version 5.1.5. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML by manipulating certain flags or mailbox names within the dynamic mailbox view. Such vulnerabilities can lead to unauthorized actions on behalf of users and compromise the integrity of web-based communication.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.