Vendor CVEs
Horde (software)
All CVEs
123 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-3570 | 0.00 | — | 0.02 | Nov 16, 2005 | Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". | |||
| CVE-2005-1314 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-1315 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-0378 | 0.00 | — | 0.01 | May 2, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | |||
| CVE-2005-1319 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-1318 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-1313 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-1321 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-1320 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-1316 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-0961 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | |||
| CVE-2005-1322 | 0.00 | — | 0.01 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2005-1317 | 0.00 | — | 0.02 | Apr 25, 2005 | Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||
| CVE-2004-2741 | 0.00 | — | 0.01 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | |||
| CVE-2004-1443 | 0.00 | — | 0.01 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | |||
| CVE-2004-0584 | 0.00 | — | 0.01 | Aug 6, 2004 | Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS)… | |||
| CVE-2003-0728 | 0.00 | — | 0.01 | Oct 20, 2003 | Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | |||
| CVE-2002-0181 | 0.00 | — | 0.02 | Apr 22, 2002 | Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | |||
| CVE-2001-0744 | 0.00 | — | 0.00 | Oct 18, 2001 | Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. | |||
| CVE-2001-1258 | 0.00 | — | 0.00 | Jul 21, 2001 | Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. | |||
| CVE-2001-1257 | 0.00 | — | 0.02 | Jul 21, 2001 | Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | |||
| CVE-2000-0910 | 0.00 | — | 0.00 | Dec 19, 2000 | Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. | |||
| CVE-2000-0911 | 0.00 | — | 0.02 | Dec 19, 2000 | IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. |
- CVE-2005-3570Nov 16, 2005risk 0.00cvss —epss 0.02
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
- CVE-2005-1314May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-1315May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-0378May 2, 2005risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
- CVE-2005-1319May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-1318May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-1313May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-1321May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-1320May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-1316May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-0961May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
- CVE-2005-1322May 2, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2005-1317Apr 25, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
- CVE-2004-2741Dec 31, 2004risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
- CVE-2004-1443Dec 31, 2004risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
- CVE-2004-0584Aug 6, 2004risk 0.00cvss —epss 0.01
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS)…
- CVE-2003-0728Oct 20, 2003risk 0.00cvss —epss 0.01
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
- CVE-2002-0181Apr 22, 2002risk 0.00cvss —epss 0.02
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
- CVE-2001-0744Oct 18, 2001risk 0.00cvss —epss 0.00
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
- CVE-2001-1258Jul 21, 2001risk 0.00cvss —epss 0.00
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
- CVE-2001-1257Jul 21, 2001risk 0.00cvss —epss 0.02
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
- CVE-2000-0910Dec 19, 2000risk 0.00cvss —epss 0.00
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
- CVE-2000-0911Dec 19, 2000risk 0.00cvss —epss 0.02
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
Page 3 of 3