Horde Application Framework Help Window Unspecified Cross-Site Scripting Vulnerability

Horde Application Framework Help Window Unspecified Cross-Site Scripting Vulnerability

Horde Application Framework is reported prone to an unspecified cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remote attacker may exploit this vulnerability to execute arbitrary HTML and script code in the browser of a vulnerable user.

This issue can facilitate attacks such as the theft of cookie-based authentication credentials. Other attacks are possible as well.

Horde Application Framework versions 2.2.6 and prior are reported prone to this vulnerability.