6 matches found

CVE | added 2019/05/29 5:29 p.m. | 123 views

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which u...

CVSS 8.8 | AI score 8.8 | EPSS 0.80906

CVE | added 2019/10/24 6:15 p.m. | 119 views

CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.

CVSS 8.8 | AI score 8.1 | EPSS 0.00478

CVE | added 2019/10/24 5:15 p.m. | 117 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.

CVSS 6.1 | AI score 6.8 | EPSS 0.00953

CVE | added 2019/11/05 2:15 p.m. | 54 views

CVE-2013-6364

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book.

CVSS 8.8 | AI score 8.3 | EPSS 0.01691

CVE | added 2019/11/05 2:15 p.m. | 51 views

CVE-2013-6365

Horde Groupware Webmail 5.1.2 has CSRF with requests to change permissions.

CVSS 5.3 | AI score 5.9 | EPSS 0.00178

CVE | added 2019/11/05 7:15 p.m. | 50 views

CVE-2013-6275

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

CVSS 6.5 | AI score 6.4 | EPSS 0.01945