Description: A vulnerability has been reported in Vacation, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to a parent frame's page title is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. Solution: Update to version 2.2.2. http://www.horde.org/vacation/download/
*** This bug has been marked as a duplicate of 90365 ***