It was discovered that the web-based administration interface in the
Horde Application Framework did not guard against Cross-Site Request
Forgery (CSRF) attacks. As a result, other, malicious web pages could
cause Horde applications to perform actions as the Horde user.