Vulnerabilities > Horde > Horde Application Framework > 3.1.2

DATE CVE VULNERABILITY TITLE RISK
2014-04-01 CVE-2014-1691 Code Injection vulnerability in Horde Application Framework
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
network
low complexity
horde CWE-94
7.5
7.5
2010-11-09 CVE-2010-3694 Cross-Site Request Forgery (CSRF) vulnerability in Horde Application Framework
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
network
horde CWE-352
6.8
6.8
2010-11-09 CVE-2010-3077 Cross-Site Scripting vulnerability in Horde Application Framework
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
network
horde CWE-79
4.3
4.3
2007-03-16 CVE-2007-1473 Cross-Site Scripting vulnerability in Horde Framework Login.PHP
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
network
horde
4.3
4.3