horde
Communications, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting horde.
- CVE-2025-41066 (score 5.3): Disclosure of sensitive information in Horde Groupware
- CVE-2025-30349 (score 7.2): Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that m...
- CVE-2022-30287 (score 8.0): Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP obj...
- CVE-2022-26874 (score 5.4): lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
- CVE-2021-26929 (score 6.1): An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with Jav...
- CVE-2020-8034 (score 6.1): Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the...
- CVE-2020-8035 (score 6.1): The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payloa...
- CVE-2020-8866 (score 6.5): This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. T...
- CVE-2020-8865 (score 6.3): This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. ...
- CVE-2020-8518 (score 9.8): Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
- CVE-2013-6275 (score 6.5): Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
- CVE-2013-6365 (score 5.3): Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
- CVE-2013-6364 (score 8.8): Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
- CVE-2019-12095 (score 8.8): Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOT...
- CVE-2019-12094 (score 6.1): Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.