
CVE-2013-6365 – Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6365
04 Nov 2013 — Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions. Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://packetstorm.news/files/id/123900 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2013-6275 – Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-6275
27 Oct 2013 — Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. Horde Groupware Web Mail Edition version 5.1.2 suffers from multiple cross site request forgery vulnerabilities. • https://packetstorm.news/files/id/123810 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2012-0209 – Horde 3.3.12 - Backdoor Arbitrary PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-0209
25 Sep 2012 — Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. • https://www.exploit-db.com/exploits/18492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2010-3693
https://notcve.org/view.php?id=CVE-2010-3693
01 Apr 2011 — Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names. • http://bugs.horde.org/ticket/9240 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-4778
https://notcve.org/view.php?id=CVE-2010-4778
01 Apr 2011 — Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information. • http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-3695 – Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection
https://notcve.org/view.php?id=CVE-2010-3695
31 Mar 2011 — Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration. • https://www.exploit-db.com/exploits/34773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-4363
https://notcve.org/view.php?id=CVE-2009-4363
21 Dec 2009 — Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers." • http://bugs.horde.org/ticket/8715 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-3701 – Horde 3.3.5 - '/Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3701
21 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable. • https://www.exploit-db.com/exploits/33408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-3236
https://notcve.org/view.php?id=CVE-2009-3236
17 Sep 2009 — The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements. • http://marc.info/?l=horde-announce&m=125291625030436&w=2 •

CVE-2009-3237
https://notcve.org/view.php?id=CVE-2009-3237
17 Sep 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that ... • http://bugs.horde.org/ticket/?id=8311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •