Search Results (118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7219 1 Horde 5 Groupware, Groupware Webmail Edition, Kronolith H3 and 2 more 2026-04-23 N/A
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
CVE-2009-2360 1 Horde 1 Passwd 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.
CVE-2008-3824 2 Horde, Popoon 2 Horde, Popoon 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
CVE-2009-3701 1 Horde 2 Application Framework, Groupware 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
CVE-2008-4182 1 Horde 1 Turba Contact Manager H3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.
CVE-2008-2783 1 Horde 3 Groupware, Groupware Webmail Edition, Kronolith 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6018 1 Horde 4 Framework, Groupware Webmail Edition, Horde and 1 more 2026-04-23 N/A
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
CVE-2005-4191 1 Horde 1 Nag Task List Manager H3 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
CVE-2005-4190 1 Horde 1 Horde Application Framework 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
CVE-2005-1313 1 Horde 1 Passwd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-4189 1 Horde 1 Kronolith H3 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
CVE-2005-4080 1 Horde 1 Imp 2026-04-16 N/A
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
CVE-2005-0961 1 Horde 1 Application Framework 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
CVE-2002-2024 1 Horde 1 Imp 2026-04-16 5.3 Medium
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
CVE-2005-3759 1 Horde 1 Horde 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVE-2005-3570 1 Horde 1 Horde 2026-04-16 N/A
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVE-2005-0378 1 Horde 1 Horde 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
CVE-2005-3344 1 Horde 1 Horde 2026-04-16 N/A
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVE-2005-1322 1 Horde 1 Nag 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2004-2741 1 Horde 1 Application Framework 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.