Horde Groupware vulnerabilities
45 known vulnerabilities affecting horde/groupware.
Total CVEs
45
CISA KEV
0
Public exploits
14
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH8MEDIUM34
Vulnerabilities
Page 3 of 3
CVE-2014-4946P4MEDIUMCVSS 4.3≤ 5.1.4v5.0.0+9 more2014-07-14
CVE-2014-4946 [MEDIUM] CWE-79 CVE-2014-4946: Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.
nvd
CVE-2014-4945P4MEDIUMCVSS 4.3≤ 5.1.4v5.0.0+9 more2014-07-14
CVE-2014-4945 [MEDIUM] CWE-79 CVE-2014-4945: Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.
nvd
CVE-2007-1679P4MEDIUMCVSS 5.4v1.02007-03-26
CVE-2007-1679 [MEDIUM] CVE-2007-1679: Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote auth
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only
nvd
CVE-2010-4778P4MEDIUMCVSS 4.3≤ 1.2.6v1.0+21 more2011-04-04
CVE-2010-4778 [MEDIUM] CVE-2010-4778: Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8,
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related t
nvd
CVE-2009-4363P4MEDIUMCVSS 4.3≤ 1.2.4v1.0+19 more2009-12-21
CVE-2009-4363 [MEDIUM] CWE-79 CVE-2009-4363: Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupwa
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML
nvd
← Previous3 / 3