9 matches found
Debian dla-4113 : php-horde-imp - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4113 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4113-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-30349
creationtimestamp| type| source ---|---|--- 2025-03-21 17:19:13+00:00| exploited| https://t.me/DarkWebInformerCVEAlerts/8376 2025-03-21 20:09:28+00:00| exploited| https://t.me/cvedetector/20828 2025-03-22 21:01:54+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lkymr5yh3g2f...
CVE-2025-30349
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...
CVE-2025-30349
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...
CVE-2025-30349
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...
CVE-2025-30349
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...
CVE-2025-30349
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...
CVE-2025-30349
CVE-2025-30349 affects Horde IMP (webmail) up to version 6.2.27 used with Horde Application Framework up to 5.2.23. The issue is an XSS via a crafted text/html email containing an onerror attribute (potentially base64-encoded JavaScript), leading to account takeover. Exploitation was observed in ...
CVE-2025-30349
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...