Horde Vulnerabilities Allow Launching of Script Injection & XSS Attacks
According to news published by Secunia on June 16, 2008, some security flaws in various Horde products have been reported that malicious users could exploit to launch script injection as well as cross-site scripting (XSS) attacks.
Horde, a Web application with an open-source framework, is based on Hypertext Preprocessor or PHP. It offers widely used applications like the Horde Interface Message Processor (IMP) mail client used as a wiki and groupware solution.
Reports coming to Secunia revealed that the first flaw relates to the input passed through Horde products. According to experts, when the input is transmitted to different item names without properly sanitizing or cleaning it, the flaw occurs. This flaw could be exploited to inject arbitrary script code and HyperText M...
» SPAMfighter News - 01-07-2008