8 matches found
CVE-2008-5917
The CVE-2008-5917 entry describes a cross-site scripting (XSS) vulnerability in Horde Application Framework’s Text_Filter/Filter/xss.php, affecting Horde 3.2.2 and 3.3. It is reported when using Internet Explorer, allowing remote attackers to inject arbitrary web script or HTML via unknown vector...
CVE-2006-1491
CVE-2006-1491 is a remote code execution vulnerability in the Horde Application Framework. The issue affects Horde 3.0.x before 3.0.10 and 3.1.x before 3.1.1, where unsanitized user input in the help viewer is passed to eval(), allowing arbitrary code execution on affected hosts. Related publicly...
CVE-2009-3236
CVE-2009-3236 affects Horde Application Framework 3.2 (before 3.2.5) and 3.3 (before 3.3.5), Groupware 1.1 (before 1.1.6) and 1.2 (before 1.2.4), and Horde Webmail Editions 1.1 (before 1.1.6) and 1.2 (before 1.2.4). The vulnerability arises from Horde_Form_Type_image reusing temporary upload file...
CVE-2009-3701
CVE-2009-3701 affects Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5. It enables remote XSS via PATH_INFO to admin/phpshell.php, admin/cmdshell.php, or admin/sqlshell.php, related to PHP_SELF. Impact is arbitrary script/HTM...
CVE-2005-0961
Horde 3.0.4 is vulnerable to an XSS in the page title due to insufficient sanitization of the parent frame title, affecting versions before 3.0.4-RC2. The vulnerability allows remote attackers to inject arbitrary script/HTML. Remediation: upgrade to Horde 3.0.4-RC2 or later.
CVE-2009-4363
CVE-2009-4363 affects Horde Framework components (Text_Filter/lib/Horde/Text/Filter/Xss.php) and related Horde Groupware packages, where data: URIs in HTML email HREF attributes could trigger cross-site scripting. The root cause is improper handling of data: URIs; the vendor notes that the issue is tied to Firefox. ...
CVE-2004-2741
The CVE covers a cross-site scripting (XSS) vulnerability in Horde Application Framework 2.2.6, specifically in the Help Window (help.php) of the Horde Help subsystem. The issue arises from improper sanitization of three parameters (module, topic, and module) that can be exploited remotely to inj...
CVE-2006-4256
The CVE-2006-4256 issue affects the Horde Application Framework prior to 3.1.2, where index.php can include web pages from other sites via the url parameter, enabling cross-site referencing that could aid phishing. Affected platforms and advisories corroborate remote inclusion risks, with related...