Vulnerabilities > Horde
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-14 | CVE-2014-4946 | Cross-Site Scripting vulnerability in Horde Groupware and Internet Mail Program Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. | 4.3 |
| 2014-07-14 | CVE-2014-4945 | Cross-Site Scripting vulnerability in Horde Groupware and Internet Mail Program Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view. | 4.3 |
| 2014-04-05 | CVE-2012-6640 | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565. | 4.3 |
| 2014-04-05 | CVE-2012-5567 | Cross-Site Scripting vulnerability in Horde Groupware and Kronolith H4 Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks. | 4.3 |
| 2014-04-05 | CVE-2012-5566 | Cross-Site Scripting vulnerability in Horde Groupware and Kronolith H4 Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view. | 4.3 |
| 2014-04-05 | CVE-2012-5565 | Cross-Site Scripting vulnerability in Horde Groupware and IMP Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view. | 4.3 |
| 2014-04-01 | CVE-2014-1691 | Code Injection vulnerability in Horde Application Framework The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | 7.5 |
| 2014-01-16 | CVE-2012-6620 | Cross-Site Scripting vulnerability in Horde Kronolith H4 Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-09-25 | CVE-2012-0209 | Code Injection vulnerability in Horde Groupware and Horde Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. | 7.5 |
| 2012-01-24 | CVE-2012-0909 | Cross-Site Scripting vulnerability in Horde Groupware Webmail Edition Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. | 4.3 |