Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Groupware
(Horde)| Repositories |
• https://github.com/horde/horde
• https://github.com/horde/kronolith • https://github.com/horde/base |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-03-26 | CVE-2007-1679 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages | Groupware | N/A | ||
| 2020-02-17 | CVE-2020-8518 | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | Debian_linux, Fedora, Groupware | 9.8 | ||
| 2022-07-28 | CVE-2022-30287 | Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | Debian_linux, Groupware | 8.0 |