It was discovered that php-horde-core, a set of classes providing the core functionality of the Horde Application Framework, is prone to a cross-site scripting vulnerability.