Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1691 |
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. Published: April 01, 2014; 11:55:06 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2010-3694 |
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. Published: November 09, 2010; 4:00:04 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3077 |
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. Published: November 09, 2010; 4:00:04 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-3237 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php). Published: September 17, 2009; 6:30:01 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |