CVE-2006-4255

Name of the Vulnerable Software and Affected Versions Horde IMP H3 versions prior to 4.1.3

Description A cross-site scripting (XSS) issue allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder label form field in the IMP search screen.

Recommendations For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMP search screen until the update is applied.