Horde Application Framework

8 matches found

added 2009/01/21 2:0 a.m., 112 views

CVE-2008-5917

The CVE-2008-5917 entry describes a Cross-site scripting (XSS) vulnerability in Horde Application Framework’s Text_Filter/Filter/xss.php, affecting Horde 3.2.2 and 3.3. It is reported when using Internet Explorer, allowing remote attackers to inject arbitrary web script or HTML via unknown vector...

CVSS 4.3, AI score 6.2, EPSS 0.01299

added 2006/03/29 10:0 p.m., 87 views

CVE-2006-1491

CVE-2006-1491 is a remote code execution vulnerability in the Horde Application Framework. The issue affects Horde 3.0.x before 3.0.10 and 3.1.x before 3.1.1, where unsanitized user input in the help viewer is passed to eval(), allowing arbitrary code execution on affected hosts. Related publicly...

CVSS 7.5, AI score 7.5, EPSS 0.38441
Web

added 2009/09/17 10:0 a.m., 83 views

CVE-2009-3236

CVE-2009-3236 affects Horde Application Framework 3.2 (before 3.2.5) and 3.3 (before 3.3.5), Groupware 1.1 (before 1.1.6) and 1.2 (before 1.2.4), and Horde Webmail Editions 1.1 (before 1.1.6) and 1.2 (before 1.2.4). The vulnerability arises from Horde_Form_Type_image reusing temporary upload file...

CVSS 4.3, AI score 6.9, EPSS 0.02305

added 2009/12/21 4:0 p.m., 79 views

CVE-2009-3701

CVE-2009-3701 affects Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5. It enables remote XSS via PATH_INFO to admin/phpshell.php, admin/cmdshell.php, or admin/sqlshell.php, related to PHP_SELF. Impact is arbitrary script/HTM...

CVSS 4.3, AI score 5.5, EPSS 0.04832
Web

added 2005/04/03 5:0 a.m., 63 views

CVE-2005-0961

Horde 3.0.4 is vulnerable to an XSS in the page title due to insufficient sanitization of the parent frame title, affecting versions before 3.0.4-RC2. The vulnerability allows remote attackers to inject arbitrary script/HTML. Remediation: upgrade to Horde 3.0.4-RC2 or later.

CVSS 4.3, AI score 5.5, EPSS 0.01235

added 2009/12/21 4:0 p.m., 58 views

CVE-2009-4363

CVE-2009-4363 affects Horde Framework components (Text_Filter/lib/Horde/Text/Filter/Xss.php) and related Horde Groupware packages, where data: URIs in HTML email HREF attributes could trigger cross-site scripting. Root cause is improper handling of data: URIs; vendor notes issue tied to Firefox. ...

CVSS 4.3, AI score 5, EPSS 0.0137

added 2007/10/09 10:0 a.m., 56 views

CVE-2004-2741

The CVE covers a Cross-site scripting (XSS) vulnerability in Horde Application Framework 2.2.6, specifically in the Help Window (help.php) of the Horde Help subsystem. The issue arises from improper sanitization of three parameters (module, topic, and module) that can be exploited remotely to inj...

CVSS 4.3, AI score 5.7, EPSS 0.01263

added 2006/08/21 8:0 p.m., 54 views

CVE-2006-4256

The CVE-2006-4256 issue affects the Horde Application Framework prior to 3.1.2, where index.php can include web pages from other sites via the url parameter, enabling cross-site referencing that could aid phishing. Affected platforms and advisories corroborate remote inclusion risks, with related...

CVSS 4.3, AI score 6.3, EPSS 0.01668