CVE-2008-3650Cross-site Scripting in Groupware Webmail Edition

2 documents2 sources
Severity
9.0CRITICALNVD
EPSS
0.3%
top 47.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Horde Groupware Webmail Edition
Timeline
PublishedAug 13
Latest updateMay 2

Description

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: lists.horde.orgPatch: lists.horde.org

🔴Vulnerability Details

1
GHSA
GHSA-rjhm-x289-737r: Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 12022-05-02