Horde IMP Session Hijacking Vulnerability...

Published: 2001-11-09
Revised: 2025-04-13

IMP is a powerful web-based mail interface/client developed by members of the Horde project. Encoded HTML tags are not stripped from requests to 'status.php3'. A remote attacker can construct a link which, when clicked, causes arbitrary script code to be executed in the browser of an unsuspecting user in the context of a site running Horde IMP. It has been proven that this issue can be exploited to steal a legitimate user's cookie-based authentication credentials and gain unauthorized access to that user's webmail account.
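The following PHP sketch is an added example, not Horde IMP source code. It shows why a filter that looks for literal tags misses percent-encoded ones, and how escaping at output closes the gap. The parameter name `message`, both render functions and the sample query string are hypothetical, and the assumption is that the weak handler filters before decoding.

```php
<?php
// Added illustration, not code from Horde IMP. The "message" parameter and
// both render_status_* functions are hypothetical names.

// Defence in depth against cookie theft: a session cookie flagged HttpOnly
// is not readable from page script. Set before any output is sent.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);

// Weak pattern (assumed): strip literal tags from the raw query string,
// then decode it. The filter only ever sees "%3C...%3E", never "<...>".
function render_status_weak(string $rawQuery): string
{
    $filtered = strip_tags($rawQuery);
    parse_str($filtered, $params);   // percent-decoding happens after the filter
    $msg = is_string($params['message'] ?? null) ? $params['message'] : '';
    return '<p>' . $msg . '</p>';
}

// Hardened pattern: decode first, treat the value as plain text, and
// escape it for the HTML context at the point of output.
function render_status_safe(string $rawQuery): string
{
    parse_str($rawQuery, $params);
    $msg = is_string($params['message'] ?? null) ? $params['message'] : '';
    return '<p>' . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample input: a harmless bold tag, percent-encoded.
$sample = 'message=%3Cb%3EINBOX%3C%2Fb%3E';

// The weak handler emits the decoded tag as live markup.
echo render_status_weak($sample), "\n";

// The hardened handler emits the same characters as inert text entities.
echo render_status_safe($sample), "\n";
```

Escaping at output is the primary fix; the HttpOnly flag only limits what injected script can read if another injection point remains.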

1 exploit/PoC currently available
0 affected product entries currently available