PT-2007-3049 · Horde · Horde Groupware Webmail

Published: 2007-03-26 · Updated: 2025-01-17 · CVE-2007-1679

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail version 1.0
Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the imp/search.php and ingo/rule.php files. The vendor disputes this issue, stating that the search.php problem was previously resolved and that attackers can only use rule.php to inject XSS into their own pages.
Recommendations: For Horde Groupware Webmail version 1.0, consider restricting access to the imp/search.php and ingo/rule.php files to minimize the risk of exploitation. As a temporary workaround, consider disabling the functionality provided by these files until a patch or further guidance is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2007-1679

Affected Products: Horde Groupware Webmail