Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde groupware vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0
3.5
CVSSv2
CVE-2022-26874
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer prior to 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
Horde Horde Mime Viewer
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2021-26929
An XSS issue exists in Horde Groupware Webmail Edition up to and including 5.2.22 (where the Horde_Text_Filter library prior to 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2h...
4.3
CVSSv2
CVE-2020-8034
Gollem prior to 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain acces...
Horde Gollem
Horde Groupware 5.2.22
4.3
CVSSv2
CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition prior to 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making the...
Horde Groupware
6.5
CVSSv2
CVE-2020-8865
This vulnerability allows remote malicious users to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] p...
Horde Groupware 5.2.22
Debian Debian Linux 8.0
2 EDB exploits
4
CVSSv2
CVE-2020-8866
This vulnerability allows remote malicious users to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of pr...
Horde Groupware 5.2.22
Horde Horde Form
Debian Debian Linux 8.0
2 EDB exploits
7.5
CVSSv2
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
4.3
CVSSv2
CVE-2013-6275
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and previous versions in basic.php.
Horde Groupware
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
6.8
CVSSv2
CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Groupware 5.1.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »