
CVE-2009-0931
https://notcve.org/view.php?id=CVE-2009-0931
17 Mar 2009 — Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2006-4255
https://notcve.org/view.php?id=CVE-2006-4255
21 Aug 2006 — Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. • http://lists.horde.org/archives/announce/2006/000294.html •

CVE-2006-3548
https://notcve.org/view.php?id=CVE-2006-3548
13 Jul 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html •

CVE-2006-2195
https://notcve.org/view.php?id=CVE-2006-2195
15 Jun 2006 — Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. • http://bugs.gentoo.org/show_bug.cgi?id=136830 •

CVE-2006-1260 – Horde Web-Mail 3.x - 'go.php' Remote File Disclosure
https://notcve.org/view.php?id=CVE-2006-1260
19 Mar 2006 — Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. • https://www.exploit-db.com/exploits/4850 •

CVE-2005-3759
https://notcve.org/view.php?id=CVE-2005-3759
22 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. • http://lists.horde.org/archives/announce/2005/000232.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-3344
https://notcve.org/view.php?id=CVE-2005-3344
16 Nov 2005 — The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. • http://www.debian.org/security/2005/dsa-884 •