CVSS: 6.1EPSS: 0%CPEs: 84EXPL: 2CVE-2010-3077 – Horde Application Framework 3.3.8 - 'icon_browser.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3077
09 Nov 2010 — Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en util/icon_browser.php en el Horde Application Framework anterior a v3.3.9 que permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro "subdir". • https://www.exploit-db.com/exploits/34605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 84EXPL: 0CVE-2010-3694
https://notcve.org/view.php?id=CVE-2010-3694
09 Nov 2010 — Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Horde Application Framework anterior a v3.3.9 permite a los atacantes remotos secuestrar la autenticación de víctimas sin especificar en peticiones a un formulario preferente. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 79EXPL: 2CVE-2009-4363
https://notcve.org/view.php?id=CVE-2009-4363
21 Dec 2009 — Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers." Text_Filter/lib/Horde/Text/Filter/Xss.php en ... • http://bugs.horde.org/ticket/8715 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 79EXPL: 6CVE-2009-3701 – Horde 3.3.5 - '/Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3701
21 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el interfaz de administración en Horde ... • https://www.exploit-db.com/exploits/33408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 24EXPL: 1CVE-2007-1474 – Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2007-1474
16 Mar 2007 — Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. Vulnerabilidad de inyección de argumento en la secuencia de comandos cleanup para cron de Horde Project Horde e IMP anterior a Horde Application Framework 3.1.4 permite a usuarios locales borrar archivos de su elección y posiblemente obtener privilegios mediante múl... • https://www.exploit-db.com/exploits/29746 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2006-4256
https://notcve.org/view.php?id=CVE-2006-4256
21 Aug 2006 — index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. index.php en Horde Application Framework anerior a 3.1.2 permite a atacantes remotos incluir páginas web de otros sitios, lo que podría ser útil para ataques de phishing, mediante una URL en el pa... • http://lists.horde.org/archives/announce/2006/000292.html •
CVSS: 9.8EPSS: 18%CPEs: 12EXPL: 1CVE-2006-1491 – Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-1491
29 Mar 2006 — Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. • https://www.exploit-db.com/exploits/1660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •