1781 matches found

Debian
added 2025/04/03 9:52 a.m. · 4 views

[SECURITY] [DLA 4112-1] php-horde-editor - switch to CKEditor 4

Debian LTS Advisory DLA-4112-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler April 03, 2025 https://wiki.debian.org/LTS -...

6.6 AI score
Exploits: 0

Tenable Nessus
added 2025/04/03 12:0 a.m. · 7 views

Debian dla-4113 : php-horde-imp - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4113 advisory. Debian LTS Advisory DLA-4113-1 [email protected] https://www.debian.org/lts/security/...

7.2 CVSS · 5.4 AI score · 0.40309 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2025/04/03 12:0 a.m. · 5 views

Debian dla-4112 : php-horde-editor - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4112 advisory. Debian LTS Advisory DLA-4112-1 [email protected] https://www.debian.org/lts/security/...

5.5 AI score
Exploits: 0 · References: 2

OSV
added 2025/04/03 12:0 a.m. · 2 views

DLA-4112-1 php-horde-editor - switch to CKEditor 4

Bulletin has no description...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/03/23 12:17 a.m. · 13 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 5.9 AI score · 0.40309 EPSS
Exploits: 0 · References: 1

OSV
added 2025/03/21 5:15 p.m. · 1 views

DEBIAN-CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 5.1 AI score · 0.40309 EPSS
Exploits: 0 · References: 1

NVD
added 2025/03/21 5:15 p.m. · 12 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 0.40309 EPSS
Exploits: 0 · References: 14

OSV
added 2025/03/21 5:15 p.m. · 10 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 6 AI score · 0.40309 EPSS
Exploits: 0 · References: 14

OSV
added 2025/03/21 5:15 p.m. · 0 views

UBUNTU-CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 5.8 AI score · 0.40309 EPSS
Exploits: 0 · References: 5

CVE
added 2025/03/21 12:0 a.m. · 86 views

CVE-2025-30349

CVE-2025-30349 affects Horde IMP (webmail) up to version 6.2.27 used with Horde Application Framework up to 5.2.23. The issue is an XSS via a crafted text/html email containing an onerror attribute (potentially base64-encoded JavaScript), leading to account takeover. Exploitation was observed in ...

7.2 CVSS · 6.6 AI score · 0.40309 EPSS
Exploits: 0 · References: 14

CNNVD
added 2025/03/21 12:0 a.m. · 2 views

IMP Security Vulnerability

IMP is an open source web-based webmail system from Horde. A security vulnerability exists in IMP version 6.2.27 and earlier, which originates from a specially crafted HTML email that could lead to account takeover...

7.2 CVSS · 6.2 AI score · 0.40309 EPSS
Exploits: 0 · References: 14

VulnCheck KEV
added 2025/03/21 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 5.8 AI score · 0.40309 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/03/21 12:0 a.m. · 4 views

PT-2025-12433 · Horde +1 · Horde Imp +2

Name of the Vulnerable Software and Affected Versions: Horde IMP versions prior to 6.2.27 Horde Application Framework versions prior to 5.2.23 Description: A Cross-Site Scripting XSS vulnerability was discovered in Horde IMP, allowing an attacker to hijack a user session by sending a crafted e-ma...

7.2 CVSS · 6.3 AI score · 0.40309 EPSS
Exploits: 0 · References: 37

Vulnrichment
added 2025/03/21 12:0 a.m. · 10 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 6.6 AI score · 0.40309 EPSS
Exploits: 0 · References: 13

Cvelist
added 2025/03/21 12:0 a.m. · 196 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 0.40309 EPSS
Exploits: 0 · References: 13

Debian CVE
added 2025/03/21 12:0 a.m. · 14 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS · 5.1 AI score · 0.40309 EPSS
Exploits: 0

OpenVAS
added 2024/10/21 12:0 a.m. · 11 views

Debian: Security Advisory (DLA-3924-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.4 CVSS · 7.1 AI score · 0.00309 EPSS
Exploits: 1 · References: 2

OpenVAS
added 2024/10/21 12:0 a.m. · 7 views

Debian: Security Advisory (DLA-3923-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8 CVSS · 7.2 AI score · 0.226 EPSS
Exploits: 1 · References: 2

Debian
added 2024/10/19 3:44 p.m. · 7 views

[SECURITY] [DLA 3924-1] php-horde-mime-viewer security update

Debian LTS Advisory DLA-3924-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost October 19, 2024 https://wiki.debian.org/LTS Package : php-horde-mime-viewer Version : 2.2.4+debian0-2deb11u1 CVE ID : CVE-2022-26874 Debian Bug : It was discovered that there was a...

5.4 CVSS · 6 AI score · 0.00309 EPSS
Exploits: 1

Debian
added 2024/10/19 12:4 p.m. · 12 views

[SECURITY] [DLA 3923-1] php-horde-turba security update

Debian LTS Advisory DLA-3923-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost October 19, 2024 https://wiki.debian.org/LTS Package : php-horde-turba Version : 4.2.25-5+deb11u2 CVE ID : CVE-2022-30287 Debian Bug : 1012279 It was discovered that there was an arbitrary...

8 CVSS · 7.5 AI score · 0.226 EPSS
Exploits: 1