NotCVE - vendor:"Horde" product:"Groupware" version:" <= 5.2.22"

Page 3 of 48 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1

CVE-2015-8807 – Debian Security Advisory 3496-1

https://notcve.org/view.php?id=CVE-2015-8807

29 Feb 2016 — Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. Vulnerabilidad de XSS en la función _renderVarenput_number en horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php en Horde Groupware en versiones anteriores a 5.2.12 y Hord... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1

CVE-2016-2228 – Debian Security Advisory 3497-1

https://notcve.org/view.php?id=CVE-2016-2228

29 Feb 2016 — Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php. Vulnerabilidad de XSS en horde/templates/topbar/_menubar.html.php en Horde Groupware en versiones anteriores a 5.2.12 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.12 permi... • http://bugs.horde.org/ticket/14213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 3

CVE-2015-7984 – Horde Groupware 5.2.10 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2015-7984

19 Nov 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php. Múltiples vulnerabilidades de CSRF en Horde en versiones anteri... • https://packetstorm.news/files/id/134431 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 37EXPL: 0

CVE-2014-4945

https://notcve.org/view.php?id=CVE-2014-4945

14 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos web o H... • http://lists.horde.org/archives/announce/2014/001019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 37EXPL: 0

CVE-2014-4946

https://notcve.org/view.php?id=CVE-2014-4946

14 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. Múltiples vulnerabilidades de XSS en Horde Internet Mail Program (IMP) anterior a 6.1.8, utilizado en Horde Groupware Webmail Edition anterior a 5.1.5, permiten a atacantes remotos inyectar secuencias de comandos ... • http://lists.horde.org/archives/announce/2014/001019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 37EXPL: 0

CVE-2012-6640

https://notcve.org/view.php?id=CVE-2012-6640

05 Apr 2014 — Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. Vulnerabilidad de XSS en Horde Internet Mail Program (IMP) anterior a 5.0.22, utilizado en Horde Groupware Webmail Edition anterior a 4.0.9, permite a atacantes remotos inyectar script Web o HTML arbitrarios a través ... • http://lists.horde.org/archives/announce/2012/000775.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0

CVE-2012-5565

https://notcve.org/view.php?id=CVE-2012-5565

05 Apr 2014 — Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view. Vulnerabilidad de XSS en js/compose-dimp.js en Horde Internet Mail Program (IMP) anterior a 5.0.24, utilizado en Horde Groupware Webmail Edition anterior a 4.0.9, permite a atacantes remotos inyectar script ... • http://lists.horde.org/archives/announce/2012/000833.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0

CVE-2012-5566

https://notcve.org/view.php?id=CVE-2012-5566

05 Apr 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view. Múltiples vulnerabilidades de XSS en la aplicación de calendario de Horde Kronolith H4 anterior a 3.0.17, utilizado en Horde Groupware Webmail Edition anterior a 4.0.8, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a t... • http://bugs.horde.org/ticket/11189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0

CVE-2012-5567

https://notcve.org/view.php?id=CVE-2012-5567

05 Apr 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks. Múltiples vulnerabilidades de XSS en la aplicación de calendario de Horde Kronolith H4 anterior a 3.0.18, utilizado en Horde Groupware Webmail Edition anteri... • http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2

CVE-2013-6364 – Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2013-6364

04 Nov 2013 — Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book Horde Groupware Webmail Edition, presenta una vulnerabilidad de tipo CSRF y XSS, cuando se guarda una búsqueda como una libreta de direcciones virtual. Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://packetstorm.news/files/id/123900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

1 2 3 4 5