CVSS: 10.0EPSS: 1%CPEs: 39EXPL: 0CVE-2008-7218
https://notcve.org/view.php?id=CVE-2008-7218
13 Sep 2009 — Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. Vulnerabilidad no especificada en el ... • http://lists.horde.org/archives/announce/2008/000360.html •
CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0CVE-2008-6746
https://notcve.org/view.php?id=CVE-2008-6746
23 Apr 2009 — Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la visualización de un contacto en Turba Contact Manager H3 antes de 2.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el nombre del contacto. • http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •