CVE-2014-4945

Name of the Vulnerable Software and Affected Versions Horde Internet Mail Program (IMP) versions prior to 6.1.8 Horde Groupware Webmail Edition versions prior to 5.1.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic mailbox or message view, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For Horde Internet Mail Program (IMP) versions prior to 6.1.8, update to version 6.1.8 or later. For Horde Groupware Webmail Edition versions prior to 5.1.5, update to version 5.1.5 or later.