horde groupware
48 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-41066
all versions
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of
5.3
MEDIUM
CVE-2022-30287
<= 5.2.22
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a dr
8.0
HIGH
CVE-2021-26929
<= 5.2.22
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is
6.1
MEDIUM
CVE-2020-8034
all versions
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site
6.1
MEDIUM
CVE-2020-8035
< 5.2.22
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) v
6.1
MEDIUM
CVE-2020-8866
all versions
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition
6.5
MEDIUM
CVE-2020-8865
all versions
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition
6.3
MEDIUM
CVE-2020-8518
all versions
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
9.8
CRITICAL
CVE-2013-6275
<= 5.1.2
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
6.5
MEDIUM
CVE-2013-6365
all versions
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
5.3
MEDIUM
CVE-2013-6364
all versions
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
8.8
HIGH
CVE-2019-12095
<= 5.2.22
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the tre
8.8
HIGH
CVE-2019-12094
<= 5.2.22
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=re
6.1
MEDIUM
CVE-2019-9858
all versions
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class
8.8
HIGH
CVE-2017-16908
all versions
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote cod
5.4
MEDIUM
CVE-2017-16907
all versions
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
5.4
MEDIUM
CVE-2017-16906
>= 5.2.19 and <= 5.2.22
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action.
5.4
MEDIUM
CVE-2017-15235
all versions
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file
7.5
HIGH
CVE-2017-7414
all versions
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the
7.5
HIGH
CVE-2017-7413
<= 5.2.17
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the atta
8.8
HIGH
CVE-2016-5303
all versions
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition befor
6.1
MEDIUM
CVE-2016-2228
<= 5.2.11
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Gr
6.1
MEDIUM
CVE-2015-8807
all versions
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRende
6.1
MEDIUM
CVE-2015-7984
>= 5.0.0 and < 5.2.11
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupwa
CVE-2014-4946
<= 5.1.4
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware
CVE-2014-4945
<= 5.1.4
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware
CVE-2012-6640
<= 4.0.8
Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Ed
CVE-2012-5567
<= 4.0.8
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Gro
CVE-2012-5566
<= 4.0.7
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Gro
CVE-2012-5565
<= 4.0.8
Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Hord
CVE-2012-0209
all versions
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and
CVE-2010-4778
<= 1.2.6
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail E
CVE-2010-3693
<= 1.2.6
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.
CVE-2010-3695
<= 1.2.6
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition befo
CVE-2009-4363
<= 1.2.4
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Gro
CVE-2009-3701
<= 1.2.4
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, H
CVE-2009-3237
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupwar
CVE-2009-3236
all versions
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1
CVE-2008-7219
all versions
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.
CVE-2008-7218
all versions
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6
CVE-2009-0932
all versions
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 al
CVE-2009-0931
<= 1.1.1
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3
CVE-2008-2783
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote atta
CVE-2008-1974
all versions
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware
CVE-2008-1284
<= 1.0.4
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running
CVE-2008-0807
all versions
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as
CVE-2007-1679
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbi
5.4
MEDIUM
CVE-2007-0579
all versions
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allow
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin