PT-2025-12433 · Horde +1 · Horde Imp +2

Name of the Vulnerable Software and Affected Versions: Horde IMP versions prior to 6.2.27 Horde Application Framework versions prior to 5.2.23 Description: A Cross-Site Scripting XSS vulnerability was discovered in Horde IMP, allowing an attacker to hijack a user session by sending a crafted e-ma...

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

CVE-2004-1443

Cross-site scripting XSS vulnerability in the inline MIME viewer in Horde-IMP Internet Messaging Program 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message...

GLSA-200408-07 : Horde-IMP: Input validation vulnerability for Internet Explorer users

The remote host is affected by the vulnerability described in GLSA-200408-07 Horde-IMP: Input validation vulnerability for Internet Explorer users Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer...

Horde-IMP: Input validation vulnerability for Internet Explorer users

Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...

Horde-IMP: Input validation vulnerability

Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact By enticing a user to read a specially crafted...

Дырка в Horde IMP (code execution)

Неинициализированные PHP-переменные позволяют выполнение скрипта заданного атакующим. Кроме того есть другие уязвимости...

Horde 1.2.x2.1.3 and Imp 2.2.x3.1.2 - File Disclosure

Horde 1.2.x2.1.3 and Imp 2.2.x3.1.2 - File Disclosure source: https://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI...

Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 - File Disclosure

source: https://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI parameters. By specifying a malicious INBOX file in a request,...