It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery.