CVE-2005-4080

Name of the Vulnerable Software and Affected Versions Horde IMP versions 4.0.4 and earlier

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings. This occurs because the software does not sanitize strings containing UTF16 null characters. The attack can be executed when viewed using Internet Explorer, which ignores these characters.

Recommendations For Horde IMP versions 4.0.4 and earlier, update to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.