Vulnerabilities > Horde

DATE CVE VULNERABILITY TITLE RISK
2005-12-13 CVE-2005-4191 Remote HTML Injection vulnerability in Horde Nag
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
network
horde
3.5
2005-12-13 CVE-2005-4190 Cross-Site Scripting vulnerability in Horde Application Framework
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
network
horde CWE-79
3.5
2005-12-13 CVE-2005-4189 HTML Injection vulnerability in Horde Kronolith
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
network
horde
3.5
2005-12-08 CVE-2005-4080 Unspecified vulnerability in Horde IMP
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
network
horde
4.3
2005-11-22 CVE-2005-3759 Cross-Site Scripting vulnerability in Horde
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
network
horde CWE-79
5.8
2005-11-16 CVE-2005-3570 Cross-Site Scripting vulnerability in Horde
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
network
horde CWE-79
4.3
2005-11-16 CVE-2005-3344 Unspecified vulnerability in Horde 3.0.4
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
network
low complexity
horde
critical
10.0
2005-05-02 CVE-2005-1322 Cross-Site Scripting vulnerability in Horde NAG 1.1.1/1.1.2
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
network
horde
4.3
2005-05-02 CVE-2005-1321 Cross-Site Scripting vulnerability in Vacation
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
network
horde
4.3
2005-05-02 CVE-2005-1320 Cross-Site Scripting vulnerability in Mnemo
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
network
horde
4.3