CVE-2007-1473

Name of the Vulnerable Software and Affected Versions Horde Framework versions prior to 3.1.4 RC1

Description The issue is related to a cross-site scripting (XSS) vulnerability. It occurs when the login page contains a language selection box, allowing remote attackers to inject arbitrary web script or HTML via the new lang parameter to the "login.php" endpoint.

Recommendations For versions prior to 3.1.4 RC1, update to version 3.1.4 RC1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "login.php" endpoint or disabling the language selection box until a patch is applied. Avoid using the new lang parameter in the affected endpoint until the issue is resolved.