Git master fix:
http://lists.horde.org/archives/commits/2010-August/004747.html

This has been fixed in 1.1.2, although slightly different from your 
patch - we instead use the Horde::fatal() function which is the 
preferred way of reporting these kind of errors anyway.

Thank you for your report.

Changes have been made in CVS for this ticket:

Bug: 9191
Submitted by: nightmare.lmw@anarchynet.org
Fix CSS vulnerability when viewing file data.
http://cvs.horde.org/diff.php/gollem/docs/CHANGES?rt=horde&r1=1.114.2.57&r2=1.114.2.58&ty=u
http://cvs.horde.org/diff.php/gollem/view.php?rt=horde&r1=1.51.2.6&r2=1.51.2.7&ty=u

I have found a Cross Site Scripting vulnerability in Gollem,

Exploit : 
http://localhost/horde/gollem/view.php?actionID=view_file&type=txt&file=<script>alert("XSS")</script>&dir=../baddir/&driver=file

Vulnerable file : view.php (Line 32 - 46)

Vulnerable code :

if (is_callable(array($GLOBALS['gollem_vfs'], 'readStream'))) {
     $stream = $GLOBALS['gollem_vfs']->readStream($filedir, $filename);
     if (is_a($stream, 'PEAR_Error')) {
         Horde::logMessage($stream, __FILE__, __LINE__, PEAR_LOG_NOTICE);
         printf(_("Access denied to %s"), $filename);
         exit;
     }
} else {
     $data = $GLOBALS['gollem_vfs']->read($filedir, $filename);
     if (is_a($data, 'PEAR_Error')) {
         Horde::logMessage($data, __FILE__, __LINE__, PEAR_LOG_NOTICE);
         printf(_("Access denied to %s"), $filename);
         exit;
     }
}

I hope you fix the vulnerability asap. Patch in attachment.

Have a nice day.

Nicolas C. [NightMareLmW From DevSec]