[horde] Horde v 5.2.22 vulnerability – obfuscation via HTML encoding – XSS payload
Ralf Lang
ralf.lang at gmail.com
Thu May 15 09:56:52 UTC 2025
Hello Nataša,
thank you for reporting this issue.
I will try to verify on Horde 6 Alpha. We will need to sanitize against
JavaScript in HTML properties in user-supplied content.
Ticket ID: https://bugs.horde.org/ticket/15190
On 21.03.2025 at 12:53, Nataša K. Arh wrote:
> The vulnerability was tested on latest version as stated here:
> https://www.horde.org/download/imp, but with applied patches:
> Horde 5.2.23
> IMP 6.2.27
>
> Regards.
I will see if I can get this backported into IMP6, too.
Best regards
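
Added example, not part of the original message and not Horde or IMP code: a Python sketch of the check the message calls for, showing why URL and event-handler attributes have to be inspected after character references are decoded rather than by matching the raw markup. The sample markup, the scheme allowlist and all function names are assumptions made for illustration, and only the attribute case is covered.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample of user-supplied markup; schemes are hidden behind character references.
SAMPLE = (
    '<a href="&#106;&#x61;vascript&colon;void(0)">one</a>'
    '<a href="java&#9;script:void(0)">two</a>'
    '<img src="https://example.org/a.png" onerror="void(0)">'
    '<a href="https://example.org/?q=javascript">three</a>'
)
SAFE_SCHEMES = {"http", "https", "mailto"}          # assumed allowlist
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
LEADING_JUNK = "".join(map(chr, range(0x21)))       # control characters and space

def naive_is_clean(markup):
    """Raw substring match: the check that entity encoding defeats."""
    return "javascript:" not in markup.lower()

def url_is_allowed(value):
    """value is already entity-decoded; normalise the way a browser does first."""
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(LEADING_JUNK)
    scheme = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return scheme is None or scheme.group(1).lower() in SAFE_SCHEMES

class AttrSanitizer(HTMLParser):
    """Re-serialises markup, dropping on* handlers and URLs with unlisted schemes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:   # HTMLParser has decoded the value already
            value = value or ""
            if name.startswith("on") or (name in URL_ATTRS and not url_is_allowed(value)):
                self.dropped.append((tag, name))
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(markup):
    parser = AttrSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped
```

The raw-string check passes the sample unchanged, while the decode-then-allowlist pass drops both encoded `href` values and the `onerror` handler and keeps the two ordinary URLs.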