Vulnerabilities > Horde > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-11 | CVE-2022-26874 | Cross-site Scripting vulnerability in multiple products. lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. | 5.4 |
2021-02-14 | CVE-2021-26929 | Cross-site Scripting vulnerability in multiple products. An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). | 6.1 |
2020-05-18 | CVE-2020-8034 | Cross-site Scripting vulnerability in Horde Gollem and Groupware. Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. | 6.1 |
2020-05-18 | CVE-2020-8035 | Cross-site Scripting vulnerability in Horde Groupware. The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. | 6.1 |
2020-03-23 | CVE-2020-8866 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products. This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. | 6.5 |
2020-03-23 | CVE-2020-8865 | Path Traversal vulnerability in multiple products. This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. | 6.3 |
2019-11-05 | CVE-2013-6275 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | 6.5 |
2019-11-05 | CVE-2013-6365 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions. | 5.3 |
2019-10-24 | CVE-2019-12094 | Cross-site Scripting vulnerability in Horde Groupware. Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. | 6.1 |
2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 5.9 |