While catching up on Horde / IMP vulns, I noticed this: http://lists.horde.org/archives/announce/2008/000365.html Many thanks to Secunia for reporting an XSS vulnerability (CVE-2007-6018) and working with us to test the fixes. -- The CVE description doesn't mention XSS due to lack of details at time of creation it appears.