CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2008-7219
https://notcve.org/view.php?id=CVE-2008-7219
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. Horde Kronolith H3 v2.1 anterior v2.1.7 y v2.2 anterior v2.2-RC2; Nag H3 v2.1 anterior v2.1.4 y 2.2 anterior v2.2-RC2; Mnemo H3 v2.1 anterior v2.1.2 y H3 2.2 anterior v2.2-RC2; Groupware v1.0 anterior v1.0.3 y v1.1 anterior v1.1-RC2; y Groupware Webmail Edition v1.0 anterior v1.0.4 y v1.1 anterior v1.1-RC2, no valida las propiedades al compartir cambios, con un impacto y vectores de ataque desconocidos. • http://lists.horde.org/archives/announce/2008/000362.html http://lists.horde.org/archives/announce/2008/000363.html http://lists.horde.org/archives/announce/2008/000364.html http://lists.horde.org/archives/announce/2008/000365.html http://lists.horde.org/archives/announce/2008/000366.html http://lists.horde.org/archives/announce/2008/000368.html http://lists.horde.org/archives/announce/2008/000369.html http://lists.horde.org/archives/announce/2008/000371.html http://lists.horde • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2008-3650
https://notcve.org/view.php?id=CVE-2008-3650
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view. Múltiples vulnerabilidades no especificadas en Horde Groupware Webmail anterior a Edition 1.1.1 (final) tiene impacto desconocido y vectores de ataque relacionados con "salida no escapada", posiblemente secuencias de comandos en sitios cruzados (XSS) en (1) el navegador objeto y (2) la vista de contacto. • http://lists.horde.org/archives/announce/2008/000420.html https://exchange.xforce.ibmcloud.com/vulnerabilities/44479 •