Horde : Security Vulnerabilities, CVEs, (XSS) CVSS score >= 8
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Max CVSS
8.8
EPSS Score
4.91%
Published
2019-10-24
Updated
2020-08-24
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Max CVSS
8.8
EPSS Score
0.46%
Published
2019-11-05
Updated
2020-08-18
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
Max CVSS
9.0
EPSS Score
0.10%
Published
2008-08-13
Updated
2017-08-08
3 vulnerabilities found