Horde

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-0378 1Horde 1Horde Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
CVE-2005-1317 1Horde 1Chora Apr 16, 2026 Apr 25, 2005 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2004-2741 1Horde 1Application Framework Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module pa...Show more Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.Show less
CVE-2004-1443 1Horde 1Imp Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or...Show more Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.Show less
CVE-2004-0584 1Horde 1Imp Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail me...Show more Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.Show less
CVE-2003-0728 1Horde 1Horde Apr 16, 2026 Oct 20, 2003 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
CVE-2003-0025 1Horde 1Imp Apr 16, 2026 Jan 17, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.p...Show more Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.Show less
CVE-2002-2024 1Horde 1Imp Apr 16, 2026 Dec 31, 2002 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which...Show more Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.Show less
CVE-2002-0181 1Horde 2Horde Imp Apr 16, 2026 Apr 22, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
CVE-2001-0744 1Horde 1Imp Apr 16, 2026 Oct 18, 2001 N/A· v4 N/A· v3 2.1 LOW· v2 Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
CVE-2001-1258 1Horde 1Imp Apr 16, 2026 Jul 21, 2001 N/A· v4 N/A· v3 3.6 LOW· v2 Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVE-2001-1257 1Horde 1Imp Apr 16, 2026 Jul 21, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVE-2000-0911 1Horde 1Imp Apr 16, 2026 Dec 19, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
CVE-2000-0910 1Horde 1Horde Apr 16, 2026 Dec 19, 2000 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.

Previous 1 2 3 4 56