Vulnerabilities > Horde > Horde > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-21 | CVE-2006-4255 | Cross-Site Scripting vulnerability in Horde Products Search.PHP Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. network horde | 4.3 |
| 2006-07-13 | CVE-2006-3548 | Cross-Site Scripting vulnerability in Horde Application Framework Services Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). network horde | 4.3 |
| 2006-06-15 | CVE-2006-2195 | Cross-Site Scripting vulnerability in Horde Application Framework Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. network horde | 6.8 |
| 2006-03-19 | CVE-2006-1260 | Information Disclosure vulnerability in Horde Application Framework Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. | 5.0 |
| 2005-11-22 | CVE-2005-3759 | Cross-Site Scripting vulnerability in Horde Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | 5.8 |
| 2005-05-02 | CVE-2005-0378 | Cross-Site Scripting vulnerability in Horde 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. network horde | 4.3 |