Vulnerabilities > Horde > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-05 | CVE-2013-6365 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | 2.6 |
| 2017-11-20 | CVE-2017-16906 | Cross-site Scripting vulnerability in Horde Groupware In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | 3.5 |
| 2017-11-20 | CVE-2017-16907 | Cross-site Scripting vulnerability in Horde Groupware 5.2.19/5.2.21 In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | 3.5 |
| 2017-11-20 | CVE-2017-16908 | Cross-site Scripting vulnerability in Horde Groupware 5.2.19 In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. | 3.5 |
| 2005-12-13 | CVE-2005-4189 | HTML Injection vulnerability in Horde Kronolith Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. network horde | 3.5 |
| 2005-12-13 | CVE-2005-4190 | Cross-Site Scripting vulnerability in Horde Application Framework Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. | 3.5 |
| 2005-12-13 | CVE-2005-4191 | Remote HTML Injection vulnerability in Horde Nag Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist. network horde | 3.5 |
| 2005-12-13 | CVE-2005-4192 | Remote HTML Injection vulnerability in Horde Mnemo Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad. network horde | 3.5 |
| 2001-10-18 | CVE-2001-0744 | Local Security vulnerability in IMP Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. | 2.1 |
| 2001-07-21 | CVE-2001-1258 | Local 'prefs.lang' vulnerability in Horde IMP Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. | 3.6 |