Horde Horde Application Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Horde Horde Application Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2014-1691 — CVSS 7.5 (high): The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object…
CVE-2010-3694 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the…
CVE-2007-1474 — CVSS 6.8 (medium): Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows…
CVE-2015-7984 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware…
CVE-2006-3549 — CVSS 5.0 (medium): services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy…
CVE-2009-3237 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1…
CVE-2007-1473 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a…
CVE-2010-3077 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers…
CVE-2005-4190 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject…