Lucene search
+L

163 matches found

CVE
CVE
added 2021/02/14 3:43 a.m.165 views

CVE-2021-26929

CVE-2021-26929 affects Horde Groupware Webmail Edition up to 5.2.22 (Horde_Text_Filter before 2.3.7). The vulnerability is an XSS in which a attacker can send a plain text email containing JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, due to bespoke use ...

6.1CVSS5.8AI score0.04944EPSS
Exploits7References7Affected Software1
Debian CVE
Debian CVE
added 2021/02/14 3:43 a.m.26 views

CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...

6.1CVSS6.2AI score0.04944EPSS
Exploits7
CNNVD
CNNVD
added 2021/02/13 12:0 a.m.10 views

Horde Groupware Webmail 跨站脚本漏洞

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A cross-site scripting vulnerability exists in Horde Groupware Webmail Edition, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...

6.1CVSS6.3AI score0.04944EPSS
Exploits7References14
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.30 views

(0Day) Horde Groupware Webmail Edition Nag display_tasklists Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the displaytasklists parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.23 views

(0Day) Horde Groupware Webmail Edition Flags msgflags Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Flags.php. When parsing the msgflags parameter, the process does not properl...

6.3CVSS5.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.17 views

(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the synccalendars parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.30 views

(0Day) Horde Groupware Webmail Edition prefs sync_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the syncnotepads parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.27 views

(0Day) Horde Groupware Webmail Edition Nag display_tasklists Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the displaytasklists parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.26 views

(0Day) Horde Groupware Webmail Edition attendees fb_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within attendees.php. When parsing the fbcals parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.27 views

(0Day) Horde Groupware Webmail Edition Nag show_external Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the showexternal parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.30 views

(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the synccalendars parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.32 views

(0Day) Horde Groupware Webmail Edition Mnemo display_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Mnemo.php. When parsing the displaynotepads parameter, the process does not...

6.3CVSS5.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.30 views

(0Day) Horde Groupware Webmail Edition Kronolith remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Kronolith.php. When parsing the remotecals parameter, the process does not...

6.3CVSS5AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.28 views

(0Day) Horde Groupware Webmail Edition remote_edit remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within remoteedit.php. When parsing the remotecals parameter, the process does not...

6.3CVSS5.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/08/19 12:0 a.m.23 views

(0Day) Horde Groupware Webmail Edition Collection portal_layout Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Collection.php. When parsing the portallayout parameter, the process does no...

6.3CVSS5.2AI score
Exploits0
CNVD
CNVD
added 2020/05/19 12:0 a.m.5 views

Horde Groupware Webmail Cross-Site Scripting Vulnerability (CNVD-2020-33657)

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A cross-site scripting vulnerability exists in the image viewing feature in Horde Groupware Webmail Edition prior to 5.2.22, which can be exploited to gain access to a user's Webmail account via a...

6.1CVSS6.4AI score0.00881EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/19 12:0 a.m.4 views

Horde Gollem Cross-Site Scripting Vulnerability

Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. Gollem is a file manager used in it. A cross-site scripting vulnerability exists in Horde Gollem versions prior to 3.0.13 used in Horde Groupware Webmail Edition version 5.2.22 and other products,...

6.1CVSS6.4AI score0.00974EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/05/18 3:15 p.m.19 views

CVE-2020-8035

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...

6.1CVSS6.4AI score0.00881EPSS
Exploits0References5
OSV
OSV
added 2020/05/18 3:15 p.m.3 views

UBUNTU-CVE-2020-8035

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...

6.1CVSS6.4AI score0.00881EPSS
Exploits0References6
CVE
CVE
added 2020/05/18 2:55 p.m.94 views

CVE-2020-8035

Affected software: Horde Groupware Webmail Edition. Vulnerability: stored XSS via SVG image uploads, enabling a remote attacker to obtain access to a victim’s webmail account. Affected versions are Horde Groupware Webmail Edition prior to 5.2.22. Risk details are stated in the connected documents...

6.1CVSS5.8AI score0.00881EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder