Horde IMP HTML+TIME HTML Injection Vulnerability

Horde IMP HTML+TIME HTML Injection Vulnerability

Reportedly Horde IMP is affected by an HTML injection vulnerability due to insufficient sanitization of HTML+TIME script.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.