CVSS: 6.1EPSS: 0%CPEs: 128EXPL: 0CVE-2012-0791
https://notcve.org/view.php?id=CVE-2012-0791
24 Jan 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. Múltiples vulnerbilidades de ejecución de secuencias de comandos web en sitios cru... • http://secunia.com/advisories/47580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 1CVE-2012-0909
https://notcve.org/view.php?id=CVE-2012-0909
24 Jan 2012 — Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en Horde_Form en Horde Groupware Webmail Edition anterior a v4.0.6 permite a atacantes remotos inyectar código HTML o script web a través... • http://secunia.com/advisories/47592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2008-7219
https://notcve.org/view.php?id=CVE-2008-7219
13 Sep 2009 — Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. Horde Kronolith H3 v2.1 anterior v2.1.7 y v2.2 anterior v2.2-RC2; Nag H3 v2.1 anterior v2.1.4 y 2.2 anterior v2.2-RC2; Mnemo H... • http://lists.horde.org/archives/announce/2008/000362.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 39EXPL: 0CVE-2008-7218
https://notcve.org/view.php?id=CVE-2008-7218
13 Sep 2009 — Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. Vulnerabilidad no especificada en el ... • http://lists.horde.org/archives/announce/2008/000360.html •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2008-3650
https://notcve.org/view.php?id=CVE-2008-3650
13 Aug 2008 — Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view. Múltiples vulnerabilidades no especificadas en Horde Groupware Webmail anterior a Edition 1.1.1 (final) tiene impacto desconocido y vectores de ataque relacionados con "salida no escapada", posiblemente secuencias de comandos en sitios cruzados (XSS) en (1) el nav... • http://lists.horde.org/archives/announce/2008/000420.html •
CVSS: 6.1EPSS: 7%CPEs: 2EXPL: 3CVE-2008-1974 – Horde Webmail 1.0.6 - 'addevent.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1974
27 Apr 2008 — Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Vulnerabilidad de secuencias de órdenes en sitios cruzados (XSS) en addevent.php de Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, y Groupware 1.0.5 permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el parámetro "url". • https://www.exploit-db.com/exploits/31697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1284
https://notcve.org/view.php?id=CVE-2008-1284
11 Mar 2008 — Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. Vulnerabilidad de salto de directorio en Horde 3.1.6, Groupware anterior 1.0.5, y Groupware Webmail Edition anterior 1.0.6, cuando ejecuta ciertas configuraciones, pertmite a usuarios autenticados remotamente leer y ejecutar fic... • http://lists.horde.org/archives/announce/2008/000382.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •