CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2012-5566
https://notcve.org/view.php?id=CVE-2012-5566
05 Apr 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view. Múltiples vulnerabilidades de XSS en la aplicación de calendario de Horde Kronolith H4 anterior a 3.0.17, utilizado en Horde Groupware Webmail Edition anterior a 4.0.8, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a t... • http://bugs.horde.org/ticket/11189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2012-5567
https://notcve.org/view.php?id=CVE-2012-5567
05 Apr 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks. Múltiples vulnerabilidades de XSS en la aplicación de calendario de Horde Kronolith H4 anterior a 3.0.18, utilizado en Horde Groupware Webmail Edition anteri... • http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2012-5565
https://notcve.org/view.php?id=CVE-2012-5565
05 Apr 2014 — Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view. Vulnerabilidad de XSS en js/compose-dimp.js en Horde Internet Mail Program (IMP) anterior a 5.0.24, utilizado en Horde Groupware Webmail Edition anterior a 4.0.9, permite a atacantes remotos inyectar script ... • http://lists.horde.org/archives/announce/2012/000833.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 3CVE-2013-6275 – Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-6275
27 Oct 2013 — Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. Múltiples problemas de tipo CSRF en Horde Groupware Webmail Edition versión 5.1.2 y anteriores en el archivo basic.php. Horde Groupware Web Mail Edition version 5.1.2 suffers from multiple cross site request forgery vulnerabilities. • https://packetstorm.news/files/id/123810 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 128EXPL: 0CVE-2012-0791
https://notcve.org/view.php?id=CVE-2012-0791
24 Jan 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. Múltiples vulnerbilidades de ejecución de secuencias de comandos web en sitios cru... • http://secunia.com/advisories/47580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 1CVE-2012-0909
https://notcve.org/view.php?id=CVE-2012-0909
24 Jan 2012 — Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en Horde_Form en Horde Groupware Webmail Edition anterior a v4.0.6 permite a atacantes remotos inyectar código HTML o script web a través... • http://secunia.com/advisories/47592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0CVE-2010-4778
https://notcve.org/view.php?id=CVE-2010-4778
01 Apr 2011 — Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information. Múltiples v... • http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 73EXPL: 7CVE-2010-3695 – Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection
https://notcve.org/view.php?id=CVE-2010-3695
31 Mar 2011 — Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en fetchmailprefs.php in Horde IMP anterior a v4.3.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a travé... • https://www.exploit-db.com/exploits/34773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •