Vulnerabilities > Horde > Groupware > 5.2.22
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-18 | CVE-2020-8034 | Cross-site Scripting vulnerability in Horde Gollem and Groupware Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. | 6.1 |
| 2020-03-23 | CVE-2020-8866 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. | 6.5 |
| 2020-03-23 | CVE-2020-8865 | Path Traversal vulnerability in multiple products This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. | 6.3 |
| 2020-02-17 | CVE-2020-8518 | Code Injection vulnerability in multiple products Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 9.8 |
| 2019-05-29 | CVE-2019-9858 | Path Traversal vulnerability in multiple products Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. | 8.8 |
| 2017-11-20 | CVE-2017-16906 | Cross-site Scripting vulnerability in Horde Groupware In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | 5.4 |