Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6364 — Cross-site Scripting in Php-horde

CWE-79 — Cross-site Scripting CWE-352 — Cross-Site Request Forgery8 documents6 sources

Severity

8.8HIGHNVD

EPSS

2.0%

top 16.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Php-horde Debian Php-horde-turba Debian Linux +1 more

Timeline

PublishedNov 5

Latest updateMay 24

Description

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDhorde/groupware5.1.2

▶debiandebian/php-horde< php-horde-turba 4.1.3-1 (bookworm)

▶debiandebian/php-horde-turba< php-horde-turba 4.1.3-1 (bookworm)

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-m8j4-9m2h-p788: Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book↗2022-05-24

▶

OSV

CVE-2013-6364: Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book↗2019-11-05

▶

💥Exploits & PoCs

Exploit-DB

Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2)↗2013-11-08

▶

📋Vendor Advisories

Debian

CVE-2013-6364: php-horde - Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual...↗2013

▶

💬Community

Bugzilla

CVE-2013-6364 CVE-2013-6365 horde: various flaws [epel-all]↗2013-11-04

▶

Bugzilla

CVE-2013-6364 horde: XSS and CSRF via saving search as virtual address book↗2013-11-04

▶

Bugzilla

CVE-2013-6364 CVE-2013-6365 horde: various flaws [fedora-all]↗2013-11-04

▶