CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 2CVE-2009-2360 – Horde 3.1 - 'Passwd' Module Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2360
08 Jul 2009 — Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Passwd anteriores a v3.1.1 de Horde, permite a los atacantes remotos inyectar código web o HTML a través del parametro backend • https://www.exploit-db.com/exploits/33065 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2000-0492 – PassWD 1.2 - Weak Encryption
https://notcve.org/view.php?id=CVE-2000-0492
04 Jun 2000 — PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords. • https://www.exploit-db.com/exploits/19989 •