- Description: Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.2
- Impact score: 2.7
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity: HIGH
- cve@mitre.org
- CWE-79
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
🚨 HIGH IMP Vulnerability (CVE-2025-30349) 🚨 IMP (3.1) has a CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') flaw. Attackers can ⚠️ CVSS Score: 7.2/10 🛠 Fix: No fix available yet 🔗 More details: NVD | Advisory
@SecurtyRating
3 Apr 2025
🚨 CVE-2025-30349 🔴 HIGH (7.2) 🏢 Horde - IMP 🏗️ 0 🔗 https://t.co/2AE1ccPV5R 🔗 https://t.co/kpFvKQZvo2 🔗 https://t.co/S6tcaSsjdV 🔗 https://t.co/qBJsBlqShG 🔗 https://t.co/dhBMTMjzWB 🔗 https://t.co/i2LPLXT7dp 🔗 https://t.co/Dd1xGBheol #CyberCron #VulnAlert #InfoSec https:/
@cybercronai
23 Mar 2025