Horde : Security Vulnerabilities, CVEs, Published In 2016 (XSS)
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
Max CVSS
6.1
EPSS Score
0.19%
Published
2016-12-20
Updated
2016-12-23
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
Max CVSS
6.1
EPSS Score
0.53%
Published
2016-04-13
Updated
2019-06-18
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.
Max CVSS
6.1
EPSS Score
0.43%
Published
2016-04-13
Updated
2019-06-18
3 vulnerabilities found