A moderately critical flaw was found in Horde Groupware Webmail Edition. It allows cross-site scripting (XSS) and script insertion attacks.
Data related to email verification sent to Horde_Form are not properly sanitised before being returned to a user. The flaw can be exploited to execute arbitrary HTML and script code. The vulnerability was found in versions prior to 4.0.6. Users should upgrade to 4.0.6.
Source: Secunia
24.01.2012