Vulnerabilities > Horde

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2013-6364 Cross-site Scripting vulnerability in multiple products
Horde Groupware Webmail Edition has CSRF and XSS when saving a search as a virtual address book.
network
low complexity
horde debian CWE-79
8.8
2019-10-24 CVE-2019-12095 Cross-site Scripting vulnerability in Horde Groupware
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server.
network
low complexity
horde CWE-79
8.8
2019-10-24 CVE-2019-12094 Cross-site Scripting vulnerability in Horde Groupware
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
network
low complexity
horde CWE-79
6.1
2019-05-29 CVE-2019-9858 Path Traversal vulnerability in multiple products
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17.
network
low complexity
horde debian CWE-22
8.8
2018-05-16 CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
5.9
2018-05-16 CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
5.9
2018-04-10 CVE-2014-3999 Improper Authentication vulnerability in Horde Ldap
The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.
network
high complexity
horde CWE-287
8.1
2017-11-20 CVE-2017-16908 Cross-site Scripting vulnerability in Horde Groupware 5.2.19
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource.
network
low complexity
horde CWE-79
5.4
2017-11-20 CVE-2017-16907 Cross-site Scripting vulnerability in Horde Groupware 5.2.19/5.2.21
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
network
low complexity
horde CWE-79
5.4
2017-11-20 CVE-2017-16906 Cross-site Scripting vulnerability in Horde Groupware
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
network
low complexity
horde CWE-79
5.4