Filtered by vendor Horde
Subscriptions
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3237 | 1 Horde | 3 Groupware, Horde Application Framework, Horde Groupware | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php). | ||||
| CVE-2007-1679 | 1 Horde | 1 Groupware | 2025-04-09 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages | ||||
| CVE-2008-3824 | 2 Horde, Popoon | 2 Horde, Popoon | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message. | ||||
| CVE-2008-5917 | 2 Horde, Microsoft | 2 Application Framework, Internet Explorer | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | ||||
| CVE-2008-2783 | 1 Horde | 3 Groupware, Groupware Webmail Edition, Kronolith | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6175 | 1 Horde | 1 Kronolith | 2025-04-09 | N/A |
| Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. | ||||
| CVE-2008-4182 | 1 Horde | 1 Turba Contact Manager H3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session. | ||||
| CVE-2008-1974 | 1 Horde | 2 Groupware, Groupware Webmail Edition | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2008-3650 | 1 Horde | 1 Groupware Webmail Edition | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view. | ||||
| CVE-2008-1284 | 1 Horde | 3 Groupware, Groupware Webmail Edition, Horde | 2025-04-09 | N/A |
| Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. | ||||
| CVE-2008-7218 | 1 Horde | 7 Groupware, Groupware Webmail Edition, Horde and 4 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. | ||||
| CVE-2008-3823 | 1 Horde | 1 Horde | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message. | ||||
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2025-04-09 | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | ||||
| CVE-2007-0579 | 1 Horde | 1 Groupware | 2025-04-09 | N/A |
| Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-7219 | 1 Horde | 5 Groupware, Groupware Webmail Edition, Kronolith H3 and 2 more | 2025-04-09 | N/A |
| Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | ||||
| CVE-2009-3236 | 1 Horde | 2 Application Framework, Groupware | 2025-04-09 | N/A |
| The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements. | ||||
| CVE-2006-5449 | 1 Horde | 1 Ingo H3 | 2025-04-09 | N/A |
| procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. | ||||
| CVE-2006-4256 | 1 Horde | 1 Application Framework | 2025-04-03 | N/A |
| index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. | ||||
| CVE-2001-1257 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | ||||
| CVE-2001-1258 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. | ||||