Multiple Horde Products Multiple Unspecified HTML Injection Vulnerabilities

Multiple Horde products including Groupware Webmail Edition, Groupware, and Kronolith are prone to multiple unspecified HTML-injection vulnerabilities because they fail to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.

The following versions are vulnerable:

Groupware Webmail Edition versions prior to 4.0.9
Groupware versions prior to 4.0.9
Kronolith versions prior to 3.0.18


Privacy Statement
Copyright 2010, SecurityFocus