Horde
Source repositories
- https://github.com/horde/hordearchived
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0378 | 0.00 | — | 0.01 | May 2, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | |||
| CVE-2005-0961 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | |||
| CVE-2003-0728 | 0.00 | — | 0.01 | Oct 20, 2003 | Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | |||
| CVE-2002-0181 | 0.00 | — | 0.02 | Apr 22, 2002 | Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | |||
| CVE-2000-0910 | 0.00 | — | 0.00 | Dec 19, 2000 | Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. |
- CVE-2005-0378May 2, 2005risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
- CVE-2005-0961May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
- CVE-2003-0728Oct 20, 2003risk 0.00cvss —epss 0.01
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
- CVE-2002-0181Apr 22, 2002risk 0.00cvss —epss 0.02
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
- CVE-2000-0910Dec 19, 2000risk 0.00cvss —epss 0.00
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
Page 2 of 2