Vulnerabilities > Horde > Horde Application Framework > 1.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-01 | CVE-2014-1691 | Code Injection vulnerability in Horde Application Framework The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | 7.5 |
2010-11-09 | CVE-2010-3694 | Cross-Site Request Forgery (CSRF) vulnerability in Horde Application Framework Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. | 6.8 |
2010-11-09 | CVE-2010-3077 | Cross-Site Scripting vulnerability in Horde Application Framework Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. | 4.3 |