Every CVE whose affected-product data names Horde Imp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2003-0025 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and…
CVE-2002-0181 — CVSS 7.5 (high): Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and…
CVE-2001-1257 — CVSS 7.5 (high): Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute…
CVE-2004-0584 — CVSS 6.8 (medium): Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote…
CVE-2007-1474 — CVSS 6.8 (medium): Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows…
CVE-2007-6018 — CVSS 5.8 (medium): IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP…
CVE-2002-2024 — CVSS 5.3 (medium): Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2)…
CVE-2010-0463 — CVSS 5.0 (medium): Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which…
CVE-2000-0911 — CVSS 5.0 (medium): IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes…
CVE-2012-6640 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition…
CVE-2004-1443 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used…
CVE-2005-1319 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or…
CVE-2005-4080 — CVSS 4.3 (medium): Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site…
CVE-2006-4255 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary…
CVE-2007-1515 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary…
CVE-2012-0791 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow…
CVE-2012-5565 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde…
CVE-2010-3695 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7…
CVE-2010-4778 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition…
CVE-2001-1258 — CVSS 3.6 (low): Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database…
CVE-2001-0744 — CVSS 2.1 (low): Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.