Page 8 of 37 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages ** DISPUTADA ** Múltiples vulnerabilidades de XSS en Horde Groupware Webmail 1.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados en (1) imp/search.php y (2) ingo/rule.php. NOTA: este problema ha sido disputado por el proveedor, anotando que el problema de search.php fue resuelto en CVE-2006-4255, y atacantes solo pueden utilizar rule.php para inyectar XSS en sus propias páginas. • http://securityreason.com/securityalert/2487 http://www.securityfocus.com/archive/1/463819/100/0/threaded http://www.securityfocus.com/archive/1/463911/100/0/threaded http://www.securityfocus.com/bid/23136 https://exchange.xforce.ibmcloud.com/vulnerabilities/33228 •

CVSS: 5.1EPSS: 4%CPEs: 2EXPL: 0

Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el componente de calendario en Horde Groupware Webmail Edition versiones anteriores a 1.0, y Groupware before 1.0, permite a atacantes remotos incluir ficheros concretos mediante vectores desconocidos. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://lists.horde.org/archives/announce/2007/000308.html http://lists.horde.org/archives/announce/2007/000309.html http://osvdb.org/33083 http://www.securityfocus.com/bid/22273 http://www.vupen.com/english/advisories/2007/0368 https://exchange.xforce.ibmcloud.com/vulnerabilities/31849 •