Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horde horde groupware vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2022-30287
Horde Groupware Webmail Edition up to and including 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Horde Groupware
Debian Debian Linux 10.0
5.4
CVSSv3
CVE-2022-26874
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer prior to 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
Horde Horde Mime Viewer
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-26929
An XSS issue exists in Horde Groupware Webmail Edition up to and including 5.2.22 (where the Horde_Text_Filter library prior to 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2h...
Horde Groupware
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2020-8034
Gollem prior to 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain acces...
Horde Groupware 5.2.22
Horde Gollem
6.1
CVSSv3
CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition prior to 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making the...
Horde Groupware
6.3
CVSSv3
CVE-2020-8865
This vulnerability allows remote malicious users to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] p...
Horde Groupware 5.2.22
Debian Debian Linux 8.0
2 EDB exploits
6.5
CVSSv3
CVE-2020-8866
This vulnerability allows remote malicious users to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of pr...
Horde Groupware 5.2.22
Horde Horde Form
Debian Debian Linux 8.0
2 EDB exploits
9.8
CVSSv3
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
6.5
CVSSv3
CVE-2013-6275
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and previous versions in basic.php.
Horde Groupware
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
8.8
CVSSv3
CVE-2013-6364
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Horde Groupware 5.1.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »