Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities

Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities

Horde IMP and Groupware Webmail Edition are prone to multiple input-validation vulnerabilities because the software fails to sanitize certain HTML and HTTP data.

Attackers can leverage these issues to have malicious HTML rendered in the client, to delete arbitrary email messages, and to purge deleted email messages.

IMP 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 are vulnerable; other versions may also be affected.