Multiple Horde Products Multiple Unspecified HTML Injection Vulnerabilities
Multiple Horde products including Groupware Webmail Edition, Groupware, and Kronolith are prone to multiple unspecified HTML-injection vulnerabilities because they fail to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
The following versions are vulnerable:
Groupware Webmail Edition versions prior to 4.0.9
Groupware versions prior to 4.0.9
Kronolith versions prior to 3.0.18