Filtered by vendor Horde Subscriptions

Search

Switch to Advanced Search (Beta)
Total 116 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-4191 1 Horde 1 Nag Task List Manager H3 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
CVE-2004-2741 1 Horde 1 Application Framework 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
CVE-2006-4255 1 Horde 2 Horde, Imp 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
CVE-2005-1317 1 Horde 1 Chora 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1318 1 Horde 1 Forwards 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1320 1 Horde 1 Mnemo 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2004-0584 1 Horde 1 Imp 2025-04-03 N/A
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.
CVE-2000-0910 1 Horde 1 Horde 2025-04-03 N/A
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
CVE-2005-3759 1 Horde 1 Horde 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVE-2005-4192 1 Horde 1 Mnemo Note Manager H3 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad.
CVE-2005-4242 1 Horde 1 Turba H3 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.
CVE-2006-4256 1 Horde 1 Application Framework 2025-04-03 N/A
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
CVE-2005-1316 1 Horde 1 Accounts 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-3344 1 Horde 1 Horde 2025-04-03 N/A
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVE-2005-3570 1 Horde 1 Horde 2025-04-03 N/A
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVE-2006-3549 1 Horde 1 Horde Application Framework 2025-04-03 N/A
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
CVE-2005-1315 1 Horde 1 Turba 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2001-0744 1 Horde 1 Imp 2025-04-03 N/A
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
CVE-2001-1257 1 Horde 1 Imp 2025-04-03 N/A
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVE-2022-30287 2 Debian, Horde 2 Debian Linux, Groupware 2024-11-21 8.0 High
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.