|HIO-2010-0514 Horde Web Mail CSRF Vulnerability|
Horde Groupware Webmail is vulnerable to cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests send to e.g. account privileges per services/prefs.php without performing any validity checks to verify the request. This can be exploited to e.g. conduct script-insertion attacks and change certain settings by tricking an administrator into visiting a malicious website.
|< Prev||Next >|