Debian Linux Security Advisory 2204-1 – Moritz Naumann discovered that imp4, a webmail component for the horde framework, is prone to cross-site scripting attacks by a lack of input sanitizing of certain fetchmail information.
Source: Debian Security Advisory 2204-1