Filtered by vendor Horde
Subscribe
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1322 | 1 Horde | 1 Nag | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1313 | 1 Horde | 1 Passwd | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2006-3549 | 1 Horde | 1 Horde Application Framework | 2023-12-10 | 5.0 MEDIUM | N/A |
| services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. | |||||
| CVE-2005-4242 | 1 Horde | 1 Turba H3 | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data. | |||||
| CVE-2005-0378 | 1 Horde | 1 Horde | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | |||||
| CVE-2005-4190 | 1 Horde | 1 Horde Application Framework | 2023-12-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag. | |||||
| CVE-2006-1491 | 1 Horde | 1 Application Framework | 2023-12-10 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | |||||
| CVE-2006-4256 | 1 Horde | 1 Application Framework | 2023-12-10 | 4.3 MEDIUM | N/A |
| index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. | |||||
| CVE-2005-4192 | 1 Horde | 1 Mnemo Note Manager H3 | 2023-12-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad. | |||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). | |||||
| CVE-2005-1316 | 1 Horde | 1 Accounts | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1320 | 1 Horde | 1 Mnemo | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-3759 | 1 Horde | 1 Horde | 2023-12-10 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | |||||
| CVE-2005-0961 | 1 Horde | 1 Application Framework | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | |||||
| CVE-2005-3570 | 1 Horde | 1 Horde | 2023-12-10 | 4.3 MEDIUM | N/A |
| Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". | |||||
| CVE-2006-2195 | 1 Horde | 1 Horde | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. | |||||
| CVE-2005-1317 | 1 Horde | 1 Chora | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2006-1260 | 1 Horde | 1 Horde | 2023-12-10 | 5.0 MEDIUM | N/A |
| Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. | |||||
| CVE-2005-1315 | 1 Horde | 1 Turba | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2006-4255 | 1 Horde | 2 Horde, Imp | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. | |||||