NotCVE - vendor:"Horde" product:"Groupware" version:" <= 1.2.6"

Page 2 of 29 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 37EXPL: 0

CVE-2012-6640

https://notcve.org/view.php?id=CVE-2012-6640

05 Apr 2014 — Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. Vulnerabilidad de XSS en Horde Internet Mail Program (IMP) anterior a 5.0.22, utilizado en Horde Groupware Webmail Edition anterior a 4.0.9, permite a atacantes remotos inyectar script Web o HTML arbitrarios a través ... • http://lists.horde.org/archives/announce/2012/000775.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0

CVE-2012-5566

https://notcve.org/view.php?id=CVE-2012-5566

05 Apr 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view. Múltiples vulnerabilidades de XSS en la aplicación de calendario de Horde Kronolith H4 anterior a 3.0.17, utilizado en Horde Groupware Webmail Edition anterior a 4.0.8, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a t... • http://bugs.horde.org/ticket/11189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0

CVE-2012-5567

https://notcve.org/view.php?id=CVE-2012-5567

05 Apr 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks. Múltiples vulnerabilidades de XSS en la aplicación de calendario de Horde Kronolith H4 anterior a 3.0.18, utilizado en Horde Groupware Webmail Edition anteri... • http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0

CVE-2012-5565

https://notcve.org/view.php?id=CVE-2012-5565

05 Apr 2014 — Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view. Vulnerabilidad de XSS en js/compose-dimp.js en Horde Internet Mail Program (IMP) anterior a 5.0.24, utilizado en Horde Groupware Webmail Edition anterior a 4.0.9, permite a atacantes remotos inyectar script ... • http://lists.horde.org/archives/announce/2012/000833.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 3

CVE-2013-6275 – Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2013-6275

27 Oct 2013 — Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. Múltiples problemas de tipo CSRF en Horde Groupware Webmail Edition versión 5.1.2 y anteriores en el archivo basic.php. Horde Groupware Web Mail Edition version 5.1.2 suffers from multiple cross site request forgery vulnerabilities. • https://packetstorm.news/files/id/123810 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 1

CVE-2010-3693

https://notcve.org/view.php?id=CVE-2010-3693

01 Apr 2011 — Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Horde Dynamic IMP (DIMP) antes de v1.1.5, y Horde Groupware Webmail Edition antes de v1.2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores ... • http://bugs.horde.org/ticket/9240 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0

CVE-2010-4778

https://notcve.org/view.php?id=CVE-2010-4778

01 Apr 2011 — Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information. Múltiples v... • http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 73EXPL: 7

CVE-2010-3695 – Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection

https://notcve.org/view.php?id=CVE-2010-3695

31 Mar 2011 — Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en fetchmailprefs.php in Horde IMP anterior a v4.3.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a travé... • https://www.exploit-db.com/exploits/34773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 4%CPEs: 79EXPL: 6

CVE-2009-3701 – Horde 3.3.5 - '/Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-3701

21 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el interfaz de administración en Horde ... • https://www.exploit-db.com/exploits/33408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 79EXPL: 2

CVE-2009-4363

https://notcve.org/view.php?id=CVE-2009-4363

21 Dec 2009 — Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers." Text_Filter/lib/Horde/Text/Filter/Xss.php en ... • http://bugs.horde.org/ticket/8715 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3