Total vulnerabilities in the database
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
CVSS v2:
No CWE or OWASP classifications available.