VULHUB ™

Horde IMP is vulnerable to a cross-site scripting problem. Script code is not filtered from the URL parameters of the status.php3 script. As a result, it is possible for an attacker to create a malicious link to this script which contains arbitrary attacker-supplied script code. This may enable attackers to steal cookie-based authentication credentials from legitimate users of a site running the software. It may also be possible that script injected in this way may be viewed by other users.

Horde IMP is vulnerable to a cross-site scripting problem. Script code is not filtered from the URL parameters of the status.php3 script. As a result, it is possible for an attacker to create a malicious link to this script which contains arbitrary attacker-supplied script code. This may enable attackers to steal cookie-based authentication credentials from legitimate users of a site running the software. It may also be possible that script injected in this way may be viewed by other users.