Release date:
Updated on:
Affected Systems:
Horde IMP <5.0.21
Horde Groupware Webmail Edition <4.0.8
Unaffected Systems:
Horde IMP 5.0.21
Horde Groupware Webmail Edition 4.0.8
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53435
IMP (Internet Messaging Program) is a webmail client written in PHP. It provides web-based email access and rich web messaging for IMAP and POP3 accounts.
Versions of the Horde IMP webmail client earlier than 5.0.21 contain multiple cross-site scripting vulnerabilities. Attackers can exploit these vulnerabilities to execute arbitrary script code in the victim's browser and steal cookie-based authentication credentials.
<* Source: vendor
Link: http://lists.horde.org/archives/announce/2012/000773.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Horde
-----
Horde has released a security bulletin (000773) and corresponding patches that address these vulnerabilities:
000773: Horde Groupware Webmail Edition 4.0.8 (final)
Link: http://lists.horde.org/archives/announce/2012/000773.html