Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-12-14
Updated
2011-03-08
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
Max CVSS
3.5
EPSS Score
0.16%
Published
2005-12-13
Updated
2011-03-08
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
Max CVSS
3.5
EPSS Score
0.27%
Published
2005-12-13
Updated
2011-09-13
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
Max CVSS
3.5
EPSS Score
0.35%
Published
2005-12-13
Updated
2011-03-08
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
Max CVSS
4.3
EPSS Score
1.22%
Published
2005-12-08
Updated
2018-10-19
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
Max CVSS
5.8
EPSS Score
0.33%
Published
2005-11-22
Updated
2018-10-19
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
Max CVSS
4.3
EPSS Score
0.31%
Published
2005-11-16
Updated
2011-05-19
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
Max CVSS
10.0
EPSS Score
1.54%
Published
2005-11-16
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
6.8
EPSS Score
0.88%
Published
2005-04-25
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-10
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
Max CVSS
4.3
EPSS Score
0.25%
Published
2005-05-02
Updated
2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
Max CVSS
4.3
EPSS Score
0.78%
Published
2005-05-02
Updated
2017-07-11
20 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!