Page 3 of 37 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. Vulnerabilidad de XSS en horde/templates/topbar/_menubar.html.php en Horde Groupware en versiones anteriores a 5.2.12 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro searchfield, como ha quedado demostrado por una petición a xplorer/gollem/manager.php. • http://bugs.horde.org/ticket/14213 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html http://lists.horde.org/archives/announce/2016/001148.html http://lists.horde.org/archives/announce/2016/001149.html http://www.debian.org/security/2016/dsa-3497 http://www.openwall.com/lists/oss-security/2016/02/06/4 http://www.openwall.com/lists/oss-security/2016/02/06/5 https&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. Múltiples vulnerabilidades de CSRF en Horde en versiones anteriores a 5.2.8, Horde Groupware en versiones anteriores a 5.2.11 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.11 permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que ejecutan (1) comandos a través del parámetro cmd a admin/cmdshell.php, (2) consultas SQL a través del parámetro sql a admin/sqlshell.php o (3) código PHP a través del parámetro php a admin/phpshell.php arbitrarios. Horde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/38765 http://lists.horde.org/archives/announce/2015/001124.html http://lists.horde.org/archives/announce/2015/001137.html http://lists.horde.org/archives/announce/2015/001138.html http://www.debian.org/security/2015/dsa-3391 https://www.htbridge.com/advisory/HTB23272 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un indicador no especificado en la visualización básica de (1) buzones o (2) mensajes. • http://lists.horde.org/archives/announce/2014/001019.html http://lists.horde.org/archives/announce/2014/001025.html http://secunia.com/advisories/59770 http://secunia.com/advisories/59772 https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) indicadores no especificados o (2) un nombre de buzón en la visualización dinámica de buzones. • http://lists.horde.org/archives/announce/2014/001019.html http://lists.horde.org/archives/announce/2014/001025.html http://secunia.com/advisories/59770 http://secunia.com/advisories/59772 https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. Vulnerabilidad de XSS en Horde Internet Mail Program (IMP) anterior a 5.0.22, utilizado en Horde Groupware Webmail Edition anterior a 4.0.9, permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un adjunto de imagen SVG manipulado, una vulnerabilidad diferente a CVE-2012-5565. • http://lists.horde.org/archives/announce/2012/000775.html http://lists.horde.org/archives/announce/2012/000840.html https://github.com/horde/horde/commit/08c699f744b6d2be1a5f3a2ba7203f4631b4c5dc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •