--- Horde contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and stealing auth tokens. --- Full details on the BugTraq Announcement
Fixed in 3.0.1 (3.0.2 is already out). vapier/web-apps: please bump the ~ version to 3.0.2 No stable marking needed, no GLSA (as this is ~).
now in portage
Thx spanKY