Horde: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-05-02
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVSS Score
6.8
EPSS Score
0.007
Published
2005-04-25
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
CVSS Score
4.3
EPSS Score
0.004
Published
2004-12-31
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
CVSS Score
4.3
EPSS Score
0.005
Published
2004-12-31
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.
CVSS Score
6.8
EPSS Score
0.011
Published
2004-08-06
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
CVSS Score
6.4
EPSS Score
0.006
Published
2003-10-20
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
CVSS Score
7.5
EPSS Score
0.018
Published
2003-01-17
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
CVSS Score
5.3
EPSS Score
0.004
Published
2002-12-31
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVSS Score
7.5
EPSS Score
0.015
Published
2002-04-22
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-10-18