SEC-CONSULT Security Advisory 20051211-0 - Horde versions 3.0.7 and below, Kronolith versions 2.0.5 and below, Mnemo version 2.0.2 and below, Nag versions 2.0.3 and below, and Turba versions 2.0.4 and below are susceptible to cross site scripting attacks.
c971b6b1b86188e28d857b6287052b9a960d81bb8b8bd7a342c6654bae0023c5