CVSS: 6.1EPSS: 0%CPEs: 79EXPL: 2CVE-2009-4363
https://notcve.org/view.php?id=CVE-2009-4363
21 Dec 2009 — Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers." Text_Filter/lib/Horde/Text/Filter/Xss.php en ... • http://bugs.horde.org/ticket/8715 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 79EXPL: 6CVE-2009-3701 – Horde 3.3.5 - '/Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3701
21 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el interfaz de administración en Horde ... • https://www.exploit-db.com/exploits/33408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 39EXPL: 0CVE-2008-7218
https://notcve.org/view.php?id=CVE-2008-7218
13 Sep 2009 — Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. Vulnerabilidad no especificada en el ... • http://lists.horde.org/archives/announce/2008/000360.html •
CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2008-7219
https://notcve.org/view.php?id=CVE-2008-7219
13 Sep 2009 — Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. Horde Kronolith H3 v2.1 anterior v2.1.7 y v2.2 anterior v2.2-RC2; Nag H3 v2.1 anterior v2.1.4 y 2.2 anterior v2.2-RC2; Mnemo H... • http://lists.horde.org/archives/announce/2008/000362.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2008-3650
https://notcve.org/view.php?id=CVE-2008-3650
13 Aug 2008 — Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view. Múltiples vulnerabilidades no especificadas en Horde Groupware Webmail anterior a Edition 1.1.1 (final) tiene impacto desconocido y vectores de ataque relacionados con "salida no escapada", posiblemente secuencias de comandos en sitios cruzados (XSS) en (1) el nav... • http://lists.horde.org/archives/announce/2008/000420.html •
CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 3CVE-2008-1974 – Horde Webmail 1.0.6 - 'addevent.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1974
27 Apr 2008 — Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Vulnerabilidad de secuencias de órdenes en sitios cruzados (XSS) en addevent.php de Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, y Groupware 1.0.5 permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el parámetro "url". • https://www.exploit-db.com/exploits/31697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •