Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to βunescaped output,β possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.