Horde Groupware
21 CVEs affecting Horde Groupware. Latest disclosed: 2025-12-02. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-7413 | High | 8.8 | 2017-04-04 | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Hord… |
CVE-2017-15235 | High | 7.5 | 2017-10-11 | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn pa… |
CVE-2017-7414 | High | 7.5 | 2017-04-04 | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled… |
CVE-2016-5303 | Medium | 6.1 | 2016-12-20 | Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attack… |
CVE-2016-2228 | Medium | 6.1 | 2016-04-13 | Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition befor… |
CVE-2015-8807 | Medium | 6.1 | 2016-04-13 | Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupwa… |
CVE-2017-16908 | Medium | 5.4 | 2017-11-20 | In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromisin… |
CVE-2017-16907 | Medium | 5.4 | 2017-11-20 | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. |
CVE-2017-16906 | Medium | 5.4 | 2017-11-20 | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. |
CVE-2025-41066 | | 2025-12-02 | Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system… | |
CVE-2015-7984 | | 2015-11-19 | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2… | |
CVE-2014-4946 | | 2014-07-14 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5… | |
CVE-2014-4945 | | 2014-07-14 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5… | |
CVE-2012-6640 | | 2014-04-05 | Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows re… | |
CVE-2012-5567 | | 2014-04-05 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before… | |
CVE-2012-5566 | | 2014-04-05 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before… | |
CVE-2012-5565 | | 2014-04-05 | Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition b… | |
CVE-2012-0209 | | 2012-09-25 | Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an ex… | |
CVE-2010-4778 | | 2011-04-04 | Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow re… | |
CVE-2010-3693 | | 2011-04-04 | Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to… |