Vulnerabilities > Horde > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2018-05-16 | CVE-2017-17688 | The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 5.9

2017-11-20 | CVE-2017-16908 | Cross-site Scripting vulnerability in Horde Groupware 5.2.19 | 5.4
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource.
Vector: network, low complexity | Vendors: horde | Weakness: CWE-79

2017-11-20 | CVE-2017-16907 | Cross-site Scripting vulnerability in Horde Groupware 5.2.19/5.2.21 | 5.4
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
Vector: network, low complexity | Vendors: horde | Weakness: CWE-79

2017-11-20 | CVE-2017-16906 | Cross-site Scripting vulnerability in Horde Groupware | 5.4
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
Vector: network, low complexity | Vendors: horde | Weakness: CWE-79

2017-06-21 | CVE-2017-9773 | Improper Input Validation vulnerability in Horde Image | 5.7
Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.
Vector: network, low complexity | Vendors: horde | Weakness: CWE-20

2016-12-20 | CVE-2016-5303 | Cross-site Scripting vulnerability in Horde Groupware 5.2.15 | 6.1
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
Vector: network, low complexity | Vendors: horde | Weakness: CWE-79

2016-04-13 | CVE-2016-2228 | Cross-site Scripting vulnerability in multiple products | 6.1
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
Vector: network, low complexity | Vendors: debian, horde, fedoraproject | Weakness: CWE-79

2016-04-13 | CVE-2015-8807 | Cross-site Scripting vulnerability in multiple products | 6.1
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.
Vector: network, low complexity | Vendors: fedoraproject, horde, debian | Weakness: CWE-79