| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-3548 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https,
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2006-3549 | 5.0 |
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1)
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2006-4256 | 4.3 |
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have ref
|
17-10-2018 - 21:34 | 21-08-2006 - 20:04 | |
| CVE-2007-1473 | 4.3 |
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to
|
16-10-2018 - 16:38 | 16-03-2007 - 21:19 | |
| CVE-2007-1474 | 6.8 |
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
|
29-07-2017 - 01:30 | 16-03-2007 - 21:19 |