Horde Application Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Horde Application Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2006-1491 — CVSS 7.5 (high): Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to…
CVE-2005-0961 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2006-4256 — CVSS 4.3 (medium): index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful…
CVE-2008-5917 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and…
CVE-2009-3236 — CVSS 4.3 (medium): The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and…
CVE-2009-3701 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde…
CVE-2004-2741 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to…
CVE-2009-4363 — CVSS 4.3 (medium): Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware…