XSS Vulnerability in Horde IMP and Application Framework
CVE-2025-30349
7.2 HIGH
What is CVE-2025-30349?
Horde IMP versions up to 6.2.27 and Horde Application Framework versions up to 5.2.23 are susceptible to a Cross-Site Scripting (XSS) vulnerability. Malicious actors can exploit this flaw by sending a specially crafted text/html email message containing an onerror attribute. The attribute may carry base64-encoded JavaScript code, potentially leading to account takeover. The vulnerability was observed being actively exploited in the wild as of March 2025, which makes prompt updates and mitigations a priority.
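A mail-side triage check for the pattern described above, as an added example that is not part of the original advisory or of Horde's code: it parses a message, decodes each text/html part, and reports inline event-handler attributes such as onerror. The sample messages and addresses are constructed, and the attribute value is a harmless placeholder.

```python
import base64
from email import message_from_bytes, policy
from html.parser import HTMLParser


class HandlerFinder(HTMLParser):
    """Collects (tag, attribute) pairs for inline event-handler attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            # HTMLParser lowercases names, so OnError / ONERROR match too.
            if name.startswith("on"):
                self.hits.append((tag, name))


def find_event_handlers(raw_message: bytes):
    """Return (tag, attribute) pairs found in every text/html part."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = HandlerFinder()
        # get_content() undoes base64 / quoted-printable transfer encoding.
        finder.feed(part.get_content())
        finder.close()
        hits.extend(finder.hits)
    return hits


def is_suspicious(raw_message: bytes) -> bool:
    """True when any HTML part carries an onerror attribute."""
    return any(attr == "onerror" for _tag, attr in find_event_handlers(raw_message))


# Constructed samples (not from the advisory); the handler value is a placeholder.
_HEAD = b"From: a@example.test\r\nSubject: constructed\r\nMIME-Version: 1.0\r\n"
_HTML = b'<p>Invoice</p><img src="cid:missing" OnError="/* placeholder */">'
SAMPLE_FLAGGED = (_HEAD + b"Content-Type: text/html; charset=utf-8\r\n"
                  b"Content-Transfer-Encoding: base64\r\n\r\n" + base64.encodebytes(_HTML))
SAMPLE_CLEAN = (_HEAD + b"Content-Type: text/html; charset=utf-8\r\n\r\n"
                b"<p>The word onerror in body text is not an attribute.</p>")

if __name__ == "__main__":
    print(find_event_handlers(SAMPLE_FLAGGED), is_suspicious(SAMPLE_CLEAN))
```

Because the check keys on the attribute name, it fires regardless of how the handler's value is encoded. It is a triage heuristic for stored or inbound mail, and Python's HTMLParser can tokenise malformed markup differently from a browser.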
Affected Version(s)
IMP 0 <= 6.2.27
