Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Horde Subscribe
Total 114 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4255 1 Horde 2 Horde, Imp 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
CVE-2005-1316 1 Horde 1 Accounts 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2002-2024 1 Horde 1 Imp 2025-04-03 5.0 MEDIUM 5.3 MEDIUM
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
CVE-2005-1317 1 Horde 1 Chora 2025-04-03 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1321 1 Horde 1 Vaction 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2001-1258 1 Horde 1 Imp 2025-04-03 3.6 LOW N/A
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVE-2005-0378 1 Horde 1 Horde 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
CVE-2005-1319 1 Horde 1 Imp 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1320 1 Horde 1 Mnemo 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-4242 1 Horde 1 Turba H3 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.
CVE-2005-3570 1 Horde 1 Horde 2025-04-03 4.3 MEDIUM N/A
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVE-2005-4192 1 Horde 1 Mnemo Note Manager H3 2025-04-03 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad.
CVE-2005-1322 1 Horde 1 Nag 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2004-1443 1 Horde 1 Imp 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
CVE-2005-1315 1 Horde 1 Turba 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-3759 1 Horde 1 Horde 2025-04-03 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVE-2000-0911 1 Horde 1 Imp 2025-04-03 5.0 MEDIUM N/A
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
CVE-2006-2195 1 Horde 1 Horde 2025-04-03 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVE-2006-1260 1 Horde 1 Horde 2025-04-03 5.0 MEDIUM N/A
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
CVE-2005-4191 1 Horde 1 Nag Task List Manager H3 2025-04-03 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.