[原文]Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
It has been reported that the devel version of Horde IMP and Horde IMP 3.0 Release Candidate 1 are not vulnerable to this issue. It is advised to upgrade to Imp 2.2.7. Additional upgrades are available. Horde IMP 2.0
IMP is a powerful web-based mail interface/client developed by members of the Horde project.
Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked will cause arbitrary script code to be executed in the browser of an unsuspecting user in the context of a site running Horde IMP.
As a result, it has been proven that this issue can be exploited to steal a legitimate user's cookie-based authentication credentials and gain unauthorized access to that user's webmail account.
Imp Webmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'status.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 2.2.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.