Horde Security Vulnerabilities
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
CVSS Score: 5.0, EPSS Score: 0.232, Published: 2006-03-19
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVSS Score: 5.8, EPSS Score: 0.007, Published: 2005-11-22
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVSS Score: 10.0, EPSS Score: 0.102, Published: 2005-11-16
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVSS Score: 4.3, EPSS Score: 0.013, Published: 2005-11-16
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
CVSS Score: 4.3, EPSS Score: 0.005, Published: 2005-05-02
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
CVSS Score: 6.4, EPSS Score: 0.006, Published: 2003-10-20
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVSS Score: 7.5, EPSS Score: 0.015, Published: 2002-04-22
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
CVSS Score: 4.6, EPSS Score: 0.001, Published: 2000-12-19

