Page 2 of 22 results (0.017 seconds)

CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 6

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. Horde Trean, como se utiliza en Horde Groupware Webmail Edition a través de 5.2.22 y otros productos, permite CSRF, como lo demuestra el parámetro treanBookmarkTags al trean / URI en un servidor de correo web. NOTA: treanBookmarkTags podría, por ejemplo, ser una carga útil XSS almacenada. Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. • https://bugs.horde.org/ticket/14926 https://cxsecurity.com/issue/WLB-2019050199 https://exchange.xforce.ibmcloud.com/vulnerabilities/161333 https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html https://numanozdemir.com/respdisc/horde/horde.mp4 https://numanozdemir.com/respdisc/horde/horde.txt https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html https://www.exploit-db.com/exploits/46903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.0EPSS: 94%CPEs: 1EXPL: 0

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. En Horde_Crypt en versiones anteriores a 2.7.6, como se utiliza en Horde Groupware Webmail Edition hasta la versión 5.2.17, OS Comand Inyection puede ocurrir si el atacante es un usuario autenticado Horde Webmail, tiene características PGP habilitado en sus preferencias,e intenta cifrar un correo electrónico a una maliciosa dirección de correo electrónico manipulada. • https://lists.debian.org/debian-lts-announce/2018/06/msg00006.html https://lists.horde.org/archives/horde/Week-of-Mon-20170403/056767.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. Vulnerabilidad de XSS en horde/templates/topbar/_menubar.html.php en Horde Groupware en versiones anteriores a 5.2.12 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro searchfield, como ha quedado demostrado por una petición a xplorer/gollem/manager.php. • http://bugs.horde.org/ticket/14213 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html http://lists.horde.org/archives/announce/2016/001148.html http://lists.horde.org/archives/announce/2016/001149.html http://www.debian.org/security/2016/dsa-3497 http://www.openwall.com/lists/oss-security/2016/02/06/4 http://www.openwall.com/lists/oss-security/2016/02/06/5 https&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un indicador no especificado en la visualización básica de (1) buzones o (2) mensajes. • http://lists.horde.org/archives/announce/2014/001019.html http://lists.horde.org/archives/announce/2014/001025.html http://secunia.com/advisories/59770 http://secunia.com/advisories/59772 https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) indicadores no especificados o (2) un nombre de buzón en la visualización dinámica de buzones. • http://lists.horde.org/archives/announce/2014/001019.html http://lists.horde.org/archives/announce/2014/001025.html http://secunia.com/advisories/59770 http://secunia.com/advisories/59772 https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •