Horde.IMP.Multiple.XSS
Description
This indicates an attack attempt against a Cross Site Scripting vulnerability in Horde IMP.
The vulnerability is caused because the vulnerable application fails to properly sanitize user-supplied input before using it in dynamically generated content. It allows a remote attacker to execute arbitrary script via sending a crafted web page.
Affected Products
Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.
Recommended Actions
Horde IMP Update to version 5.0.18.
Horde Groupware Webmail Edition Update to version 4.0.6.
Updates are available from the website:
http://www.horde.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |