Mike Cardwell

**Name of the Vulnerable Software and Affected Versions** Horde Internet Mail Program (IMP) versions prior to 5.0.22 Horde Groupware Webmail Edition versions prior to 4.0.9 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment. **Recommendations** For Horde Internet Mail Program (IMP) versions prior to 5.0.22, update to version 5.0.22 or later. For Horde Groupware Webmail Edition versions prior to 4.0.9, update to version 4.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 3.5.x through 3.5.2 **Description** The issue allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks. This is due to the use of JavaScript code obtained through an HTTP session to phpmyadmin.net without SSL, which can be modified by attackers. **Recommendations** For phpMyAdmin versions 3.5.x through 3.5.2, update to version 3.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 4.2 **Description** The issue allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property. This can be demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. **Recommendations** For Apple iOS versions prior to 4.2, update to version 4.2 or later to resolve the issue.