Every CVE whose affected-product data names Horde Groupware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2008-7219 — CVSS 10.0 (critical): Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and…
CVE-2008-7218 — CVSS 10.0 (critical): Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2…
CVE-2020-8518 — CVSS 9.8 (critical): Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
CVE-2017-7413 — CVSS 8.8 (high): In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is…
CVE-2013-6364 — CVSS 8.8 (high): Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
CVE-2019-12095 — CVSS 8.8 (high): Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the…
CVE-2019-9858 — CVSS 8.8 (high): Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that…
CVE-2022-30287 — CVSS 8.0 (high): Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver…
CVE-2012-0209 — CVSS 7.5 (high): Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February…
CVE-2017-7414 — CVSS 7.5 (high): In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has…
CVE-2017-15235 — CVSS 7.5 (high): The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads…
CVE-2015-7984 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware…
CVE-2020-8866 — CVSS 6.5 (medium): This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22…
CVE-2020-8865 — CVSS 6.3 (medium): This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22…
CVE-2016-2228 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware…
CVE-2019-12094 — CVSS 6.1 (medium): Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&use…
CVE-2020-8034 — CVSS 6.1 (medium): Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting…
CVE-2020-8035 — CVSS 6.1 (medium): The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS)…
CVE-2021-26929 — CVSS 6.1 (medium): An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used)…
CVE-2016-5303 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16…
CVE-2015-8807 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.p…
CVE-2008-1284 — CVSS 6.0 (medium): Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with…
CVE-2017-16906 — CVSS 5.4 (medium): In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
CVE-2017-16908 — CVSS 5.4 (medium): In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code…
CVE-2025-41066 — CVSS 5.3 (medium): Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid…
CVE-2007-0579 — CVSS 5.1 (medium): Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote…
CVE-2008-0807 — CVSS 4.9 (medium): lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde…
CVE-2014-4945 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail…
CVE-2008-1974 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5…
CVE-2009-3236 — CVSS 4.3 (medium): The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and…
CVE-2009-3237 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1…
CVE-2009-3701 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde…
CVE-2009-4363 — CVSS 4.3 (medium): Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware…
CVE-2010-3693 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows…
CVE-2010-3695 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7…
CVE-2010-4778 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition…
CVE-2012-5565 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde…
CVE-2012-5566 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware…
CVE-2012-5567 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware…
CVE-2012-6640 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition…
CVE-2014-4946 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail…