Vulnerabilities > Horde > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-11 | CVE-2022-26874 | Cross-site Scripting vulnerability in multiple products lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. | 5.4 |
| 2021-02-14 | CVE-2021-26929 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). | 4.3 |
| 2020-05-18 | CVE-2020-8034 | Cross-site Scripting vulnerability in Horde Gollem and Groupware Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. | 4.3 |
| 2020-05-18 | CVE-2020-8035 | Cross-site Scripting vulnerability in Horde Groupware The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. | 4.3 |
| 2020-03-23 | CVE-2020-8866 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. | 6.5 |
| 2020-03-23 | CVE-2020-8865 | Path Traversal vulnerability in multiple products This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. | 6.3 |
| 2019-11-05 | CVE-2013-6275 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | 4.3 |
| 2019-11-05 | CVE-2013-6364 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | 6.8 |
| 2019-10-24 | CVE-2019-12095 | Cross-Site Request Forgery (CSRF) vulnerability in Horde Groupware Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. | 6.8 |
| 2019-10-24 | CVE-2019-12094 | Cross-site Scripting vulnerability in Horde Groupware Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. | 4.3 |