11 results (0.009 seconds)

CVSS: 6.8EPSS: 0%CPEs: 84EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Horde Application Framework anterior a v3.3.9 permite a los atacantes remotos secuestrar la autenticación de víctimas sin especificar en peticiones a un formulario preferente. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html http://lists.horde.org/archives/announce/2010/000557.html http://secunia.com/advisories/42140 https://bugzilla.redhat.com/show_bug.cgi?id=630687 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 84EXPL: 2

Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en util/icon_browser.php en el Horde Application Framework anterior a v3.3.9 que permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro "subdir". • https://www.exploit-db.com/exploits/34605 http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html http://lists.horde.org/archives/announce/2010/000557.html http://seclists.org/fulldisclosure/2010/Sep/82 http://secunia.com/advisories/42140 https://bu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la secuencia de comandos de búsqueda de nube de etiquetas (horde/services/portal/cloud_search.php) en Horde anterior a v3.2.4 y v3.3.3, y Horde Groupware anterior a v1.1.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 http://lists.horde.org/archives/announce/2009/000482.html http://lists.horde.org/archives/announce/2009/000483.html http://lists.horde.org/archives/announce/2009/000486.html http://secunia.com/advisories/33695 http://www.securityfocus.com/bid/33491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 37EXPL: 1

Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en framework/NLS/NLS.php en Horde Framework anterior a 3.1.4 RC1, cuando la página de login contiene una caja de elección de idioma, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro new_lang en login.php. • https://www.exploit-db.com/exploits/29745 http://lists.horde.org/archives/announce/2007/000315.html http://secunia.com/advisories/24528 http://secunia.com/advisories/24995 http://secunia.com/advisories/27565 http://securityreason.com/securityalert/2427 http://securitytracker.com/id?1017775 http://www.debian.org/security/2007/dsa-1406 http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.osvdb.org/33084 http://www.securityfocus.com/archive/1/462915/ •

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en horde/imp/search.php en Horde IMP H3 anterior a 4.1.3 permite a atacanets remotos incluir secuencias de comandos web o HTML de su elección a través de múltiples vectores no especificados relacionados con nombres de carpetas, como se ha inyectado en el campo de formulario vfolder_label en la pantalla de búsqueda IMP. • http://lists.horde.org/archives/announce/2006/000294.html http://secunia.com/advisories/21533 http://securityreason.com/securityalert/1423 http://securitytracker.com/id?1016713 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2457 http://www.securityfocus.com/archive/1/443361/100/0/threaded http://www.securityfocus.com/bid/19544 http://www.vupen.com/english/advisories/2006/3316 https://exchange.xforce.ibmcloud.com/vulnerabilities/28409 •