CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0961
https://notcve.org/view.php?id=CVE-2005-0961
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. • http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h http://lists.horde.org/archives/announce/2005/000176.html http://secunia.com/advisories/14730 http://www.novell.com/linux/security/advisories/2005_16_sr.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0378
https://notcve.org/view.php?id=CVE-2005-0378
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. • http://marc.info/?l=bugtraq&m=110564059322774&w=2 http://securitytracker.com/id?1012892 http://www.hyperdose.com/advisories/H2005-01.txt http://www.securityfocus.com/bid/12255 https://exchange.xforce.ibmcloud.com/vulnerabilities/18881 •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2004-1443
https://notcve.org/view.php?id=CVE-2004-1443
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. • http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.106&r2=1.389.2.109&ty=h http://secunia.com/advisories/12202 http://www.gentoo.org/security/en/glsa/glsa-200408-07.xml http://www.securityfocus.com/bid/10845 https://exchange.xforce.ibmcloud.com/vulnerabilities/16866 •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2004-2741
https://notcve.org/view.php?id=CVE-2004-2741
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. • http://cvs.horde.org/diff.php/horde/templates/help/index.inc?r1=1.9.2.4&r2=1.9.2.5&ty=u http://lists.horde.org/archives/announce/2004/000107.html http://secunia.com/advisories/12992 http://securitytracker.com/id?1011959 http://www.osvdb.org/11164 http://www.securityfocus.com/bid/11546 https://exchange.xforce.ibmcloud.com/vulnerabilities/17881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 2%CPEs: 18EXPL: 0CVE-2004-0584
https://notcve.org/view.php?id=CVE-2004-0584
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. Vulnerabilidad desconocida en Hored-IMP 3.2.3 y anteriores, antes de un "arreglo de seguridad" no validan adecuadamente la entrada, lo que permite a atacantes remotos ejecutar script de su elección como otro usuario mediante script o HTML, posiblemente disparando una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS). • http://secunia.com/advisories/11805 http://www.gentoo.org/security/en/glsa/glsa-200406-11.xml http://www.horde.org/imp/3.2 http://www.securityfocus.com/bid/10501 https://exchange.xforce.ibmcloud.com/vulnerabilities/16357 •