
Horde IMP Email Attachments HTML Injection Vulnerability

No exploit is required.

The following proof of concept demonstrates one possible way to bypass the HTML stripping functions of the application:
<s0x00hcript>alert('HORDE')</s0x00hcript>
In the string above, 0x00h stands for a single ASCII NUL character (byte value 00).
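
The bypass above and one way to close it, as an added example that is not part of the advisory and is not Horde's code. The filter `naive_strip`, the fix `hardened_strip` and the client model `as_lenient_renderer_sees` are hypothetical names, and the assumption that the rendering client discards NUL bytes while parsing is a simplification made for the demonstration.

```python
import re

# Constructed sample: the advisory's proof of concept with the 0x00h
# placeholder replaced by a real NUL byte.
POC = "<s\x00cript>alert('HORDE')</s\x00cript>"

# Hypothetical stripping rule: matches opening and closing script tags only
# when the tag name appears as the literal text "script".
_SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b[^>]*>", re.IGNORECASE)

# Control characters that have no place in HTML text (tab, LF, CR are kept).
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def naive_strip(html: str) -> str:
    """Filter the raw input directly; a NUL inside the tag name hides it."""
    return _SCRIPT_TAG.sub("", html)


def hardened_strip(html: str) -> str:
    """Canonicalise first (drop control characters), then filter, and repeat
    until the output stops changing so that removing one tag cannot
    assemble another from the surrounding fragments."""
    previous = None
    while previous != html:
        previous = html
        html = _CONTROL_CHARS.sub("", html)
        html = _SCRIPT_TAG.sub("", html)
    return html


def as_lenient_renderer_sees(html: str) -> str:
    """Assumed model of a client that silently ignores NUL bytes."""
    return html.replace("\x00", "")


if __name__ == "__main__":
    for name, strip in (("naive", naive_strip), ("hardened", hardened_strip)):
        rendered = as_lenient_renderer_sees(strip(POC))
        print(f"{name:9s} -> {rendered!r}")
```

The point for a defender is ordering: the filter has to see the same bytes the client will act on. Escaping attachment content on output, or serving it as plain text, avoids depending on a tag blacklist at all.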

The following proof of concept exploit by Igor <sprog@online.ru> is available:







 

Copyright 2009, SecurityFocus