Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
bugs.horde.org/ticket/9240
cvs.horde.org/diff.php/dimp/docs/CHANGES?rt=horde&r1=1.69.2.82&r2=1.69.2.87&ty=h
git.horde.org/diff.php/groupware/docs/webmail/CHANGES?rt=horde&r1=1.35.2.11&r2=1.35.2.13&ty=h
git.horde.org/diff.php/imp/lib/Views/ListMessages.php?rt=horde-git&r1=b496687e2e71f3ebaecdff5ee49561fbfc1c74cb&r2=48913cf3af81875d6e5c6f32e030c5913f22f25d
lists.horde.org/archives/announce/2010/000561.html
lists.horde.org/archives/announce/2010/000568.html
openwall.com/lists/oss-security/2010/09/30/7
openwall.com/lists/oss-security/2010/09/30/8
openwall.com/lists/oss-security/2010/10/01/6
secunia.com/advisories/41639
www.osvdb.org/68267
www.vupen.com/english/advisories/2010/2522
exchange.xforce.ibmcloud.com/vulnerabilities/62080