CVE-2014-4945

Horde IMP <6.1.8 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.

References (6)

[Vendor Advisory] http://lists.horde.org/archives/announce/2014/001019.html

[Vendor Advisory] http://lists.horde.org/archives/announce/2014/001025.html

[Various Sources] https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES

View Writeup ZIP pw:eip

[Various Sources] https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES

[Third Party Advisory] http://secunia.com/advisories/59770

[Third Party Advisory] http://secunia.com/advisories/59772

Scores

EPSS 0.0052

EPSS Percentile 66.4%

Details

CWE

CWE-79

Status published

Products (38)

horde/groupware < 5.1.4

horde/groupware

horde/groupware

horde/groupware

horde/groupware

horde/groupware

horde/groupware

horde/groupware

horde/groupware

horde/groupware

... and 28 more

Published Jul 14, 2014

Tracked Since Feb 18, 2026