This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web server hosts a PHP application that is affected by a
cross-site scripting vulnerability.
The version of IMP (Internet Mail Program) installed on the remote host
is affected by a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input when a user uploads an attachment.
An attacker can use a specially crafted request to inject arbitrary HTML
and script code into a user's browser to be executed within the security
context of the affected site.
Note that Horde Groupware Webmail Edition is also affected as this
bundle includes IMP.
See also :
Upgrade to IMP H4 5.0.24 / Groupware Webmail Edition 4.0.9 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true