Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Horde Subscribe
Filtered by product Groupware
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16906 1 Horde 1 Groupware 2024-11-21 3.5 LOW 5.4 MEDIUM
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
CVE-2017-15235 1 Horde 1 Groupware 2024-11-21 5.0 MEDIUM 7.5 HIGH
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVE-2013-6365 3 Debian, Horde, Opensuse 3 Debian Linux, Groupware, Opensuse 2024-11-21 2.6 LOW 5.3 MEDIUM
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
CVE-2013-6364 2 Debian, Horde 2 Debian Linux, Groupware 2024-11-21 6.8 MEDIUM 8.8 HIGH
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
CVE-2013-6275 2 Debian, Horde 2 Debian Linux, Groupware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.