Horde IMP Webmail Client Multiple Input Validation Vulnerabilities

info
discussion
exploit
solution
references

Horde IMP Webmail Client Multiple Input Validation Vulnerabilities

To exploit an HTML-injection vulnerabilities, an attacker can use a browser.

To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim into following a malicious URI.

The following proof-of-concept URI is available:

http://www.example.com/horde/imp/search.php?edit_query=[xss]