Horde: >> Horde Application Framework >> 1.3.1 Security Vulnerabilities
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
CVSS Score
7.5
EPSS Score
0.814
Published
2014-04-01
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
CVSS Score
4.3
EPSS Score
0.007
Published
2010-11-09
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
CVSS Score
6.8
EPSS Score
0.002
Published
2010-11-09