Vulnerabilities > Horde > Groupware > 5.2.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-28 | CVE-2022-30287 | Unsafe Reflection vulnerability in multiple products Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. | 8.0 |
| 2021-02-14 | CVE-2021-26929 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). | 4.3 |
| 2020-05-18 | CVE-2020-8035 | Cross-site Scripting vulnerability in Horde Groupware The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. | 4.3 |
| 2019-10-24 | CVE-2019-12095 | Cross-Site Request Forgery (CSRF) vulnerability in Horde Groupware Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. | 6.8 |
| 2019-10-24 | CVE-2019-12094 | Cross-site Scripting vulnerability in Horde Groupware Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. | 4.3 |