CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2009-0931
https://notcve.org/view.php?id=CVE-2009-0931
17 Mar 2009 — Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la secuencia de comandos de búsqueda de nube de etiquetas (horde/services/portal/cloud_search.php) en Horde anterior a v3.2.4 y v3.3.3, y Horde Groupware anterior a v1.1.5, pe... • http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 37EXPL: 1CVE-2007-1473 – Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1473
16 Mar 2007 — Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en framework/NLS/NLS.php en Horde Framework anterior a 3.1.4 RC1, cuando la página de login contiene una caja de elección de idioma, permite a atacantes remotos inyectar secuencias de c... • https://www.exploit-db.com/exploits/29745 •
CVSS: 6.8EPSS: 1%CPEs: 11EXPL: 0CVE-2006-2195
https://notcve.org/view.php?id=CVE-2006-2195
15 Jun 2006 — Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en horde 3 (horde3) anterior a v3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) templates/problem/problem.inc y (2) test.php. • http://bugs.gentoo.org/show_bug.cgi?id=136830 •
CVSS: 7.5EPSS: 3%CPEs: 33EXPL: 3CVE-2006-1260 – Horde Web-Mail 3.x - 'go.php' Remote File Disclosure
https://notcve.org/view.php?id=CVE-2006-1260
19 Mar 2006 — Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. • https://www.exploit-db.com/exploits/4850 •
CVSS: 5.4EPSS: 0%CPEs: 43EXPL: 0CVE-2005-4190
https://notcve.org/view.php?id=CVE-2005-4190
13 Dec 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. Múltiples vulnerabilidades de secuencias de comand... • http://lists.horde.org/archives/announce/2005/000238.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2005-3759
https://notcve.org/view.php?id=CVE-2005-3759
22 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. • http://lists.horde.org/archives/announce/2005/000232.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0728
https://notcve.org/view.php?id=CVE-2003-0728
03 Sep 2003 — Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. • http://marc.info/?l=bugtraq&m=106081310531567&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2002-0181
https://notcve.org/view.php?id=CVE-2002-0181
22 Apr 2002 — Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. Vulnderabilidad de secuencias de comandos en sitios cruzados (cross-site scripting) en Horde anteriores a 1.2.8 y IMP anteriores a 2.2.8 permite a atacantes remotos ejecutar scripts y robar cookies de otros usuarios. • http://bugs.horde.org/show_bug.cgi?id=916 •