Filtered by vendor Horde
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1491 | 1 Horde | 1 Application Framework | 2025-04-03 | N/A |
| Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | ||||
| CVE-2005-4192 | 1 Horde | 1 Mnemo Note Manager H3 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad. | ||||
| CVE-2005-1314 | 1 Horde | 1 Kronolith | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-4191 | 1 Horde | 1 Nag Task List Manager H3 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist. | ||||
| CVE-2005-3759 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | ||||
| CVE-2005-3344 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | ||||
| CVE-2005-1322 | 1 Horde | 1 Nag | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-4189 | 1 Horde | 1 Kronolith H3 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. | ||||
| CVE-2005-0378 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | ||||
| CVE-2005-1321 | 1 Horde | 1 Vaction | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-1318 | 1 Horde | 1 Forwards | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2004-0584 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2005-1316 | 1 Horde | 1 Accounts | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2005-1320 | 1 Horde | 1 Mnemo | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2000-0911 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | ||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). | ||||
| CVE-2005-1315 | 1 Horde | 1 Turba | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2002-2024 | 1 Horde | 1 Imp | 2025-04-03 | 5.3 Medium |
| Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages. | ||||
| CVE-2004-1443 | 1 Horde | 1 Imp | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | ||||
| CVE-2022-30287 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.0 High |
| Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | ||||