Horde Vulnerabilities

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Groupware Software	116

Product

Horde Groupware Webmail Edition	24
Horde Groupware	20
Horde IMP	18
Horde Application Framework	16
Horde Kronolith	6

Remediation

Official Fix	96
Temporary Fix	0
Workaround	0
Unavailable	2
Not Defined	18

Exploitability

High	8
Functional	0
Proof-of-Concept	32
Unproven	4
Not Defined	72

Access Vector

Not Defined	0
Physical	0
Local	2
Adjacent	0
Network	114

Authentication

Not Defined	0
High	0
Low	28
None	88

User Interaction

Not Defined	0
Required	84
None	32

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	6
≤5	46
≤6	18
≤7	24
≤8	18
≤9	2
≤10	2

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	14
≤5	46
≤6	30
≤7	14
≤8	8
≤9	2
≤10	2

VulDB

≤1	0
≤2	0
≤3	0
≤4	8
≤5	50
≤6	14
≤7	28
≤8	12
≤9	2
≤10	2

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	12
≤8	0
≤9	8
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	2
≤8	0
≤9	0
≤10	0

Vendor

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	24
<2k	70
<5k	18
<10k	2
<25k	2
<50k	0
<100k	0
≥100k	0

Exploit Today

<1k	116
<2k	0
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Exploit Market Volume

🔴 CTI Activities

Affected Products (28): Accounts (1), Application Framework (16), Chora (1), Forwards (1), Gollem (1), Groupware (18), Groupware Webmail Edition (19), Horde Application Framework (1), IMP (24), IMP Webmail (7), IMP Webmail Client (1), Ingo H3 (1), Kronolith (6), Kronolith H3 (3), Kronolith H4 (1), Manager (1), Mnemo (1), Nag (1), Nag Task List Manager H3 (1), Passwd (1), Turba (1), Turba Contact Manager (1), Turba Contact Manager H3 (1), Turba H3 (2), Vaction (1), Webmail (3), cPanel (1), passwd (1)

Link to Vendor Website: https://www.horde.org/

Published	Base	Temp	Vulnerability	Prod	Exp	Rem	EPSS	CTI	CVE
06/09/2022	6.3	6.3	Horde Webmail Address Book Driver.php create injection	Groupware Software	Not Defined	Not Defined	0.00675	0.04	CVE-2022-30287
02/14/2021	4.8	4.6	Horde Groupware Webmail Edition Text Filter Library Text2html.php preProcess cross site scripting	Groupware Software	Not Defined	Official Fix	0.02166	0.00	CVE-2021-26929
05/18/2020	5.2	4.6	Horde Groupware Webmail Edition Image View Stored cross site scripting	Groupware Software	Not Defined	Official Fix	0.00135	0.04	CVE-2020-8035
03/23/2020	5.0	5.0	Horde Groupware Webmail Edition add.php unrestricted upload	Groupware Software	Not Defined	Not Defined	0.00467	0.08	CVE-2020-8866
03/23/2020	6.3	6.3	Horde Groupware Webmail Edition edit.php path traversal	Groupware Software	Not Defined	Not Defined	0.00333	0.17	CVE-2020-8865
02/17/2020	8.5	8.5	Horde Groupware Webmail Edition CSV Data code injection	Groupware Software	Not Defined	Not Defined	0.96492	0.05	CVE-2020-8518
11/05/2019	5.4	5.1	Horde Groupware Webmail Edition basic.php cross-site request forgery	Groupware Software	Proof-of-Concept	Official Fix	0.03280	0.02	CVE-2013-6275
11/05/2019	4.8	4.3	Horde Groupware Webmail Edition Permission edit.php cross-site request forgery	Groupware Software	Proof-of-Concept	Not Defined	0.00197	0.00	CVE-2013-6365
11/05/2019	6.5	5.9	Horde Groupware Webmail Edition Virtual Address Book search.php cross-site request forgery	Groupware Software	Proof-of-Concept	Not Defined	0.00459	0.00	CVE-2013-6364
10/24/2019	6.5	6.5	Horde Groupware Webmail Edition Trean cross-site request forgery	Groupware Software	Proof-of-Concept	Not Defined	0.04910	0.00	CVE-2019-12095
10/24/2019	5.2	5.2	Horde Groupware Webmail Edition Tag Cloud cross site scripting	Groupware Software	Proof-of-Concept	Not Defined	0.00753	0.02	CVE-2019-12094
05/29/2019	7.5	7.5	Horde Groupware Webmail Edition Image Upload Type.php onSubmit code injection	Groupware Software	Not Defined	Not Defined	0.94491	0.02	CVE-2019-9858
04/04/2017	6.9	6.7	Horde Groupware Webmail Edition Horde_Crypt command injection	Groupware Software	Not Defined	Official Fix	0.00181	0.00	CVE-2017-7414
04/04/2017	7.5	7.4	Horde Groupware Webmail Edition Horde_Crypt command injection	Groupware Software	Not Defined	Official Fix	0.94773	0.03	CVE-2017-7413
04/13/2016	6.1	5.9	Horde Groupware Webmail Edition _menubar.html.php cross site scripting	Groupware Software	Not Defined	Official Fix	0.00534	0.00	CVE-2016-2228
04/13/2016	6.1	5.9	Horde Groupware Webmail Edition Html.php _renderVarInput_number cross site scripting	Groupware Software	Not Defined	Official Fix	0.00434	0.00	CVE-2015-8807
11/19/2015	4.3	3.9	Horde Groupware cmdshell.php cross-site request forgery	Groupware Software	Proof-of-Concept	Official Fix	0.00729	0.00	CVE-2015-7984
11/18/2015	5.4	4.7	Horde Groupware cmdshell.php cross-site request forgery	Groupware Software	Proof-of-Concept	Official Fix	0.00729	0.00	CVE-2015-7984
07/07/2014	4.3	4.1	Horde IMP Flag/Mailbox cross site scripting	Groupware Software	High	Official Fix	0.00240	0.02	CVE-2014-4946
07/07/2014	4.3	4.1	Horde IMP Mailbox/Message View cross site scripting	Groupware Software	High	Official Fix	0.00239	0.00	CVE-2014-4945
06/03/2014	7.3	6.4	Horde Webmail Horde_ldap improper authentication	Groupware Software	Unproven	Official Fix	0.00829	0.00	CVE-2014-3999
04/05/2014	4.3	4.1	Horde Groupware cross site scripting	Groupware Software	Not Defined	Official Fix	0.00146	0.02	CVE-2012-6640
04/05/2014	4.3	4.1	Horde Groupware Portal Blocks cross site scripting	Groupware Software	Not Defined	Official Fix	0.00316	0.00	CVE-2012-5567
04/05/2014	4.3	4.1	Horde Groupware cross site scripting	Groupware Software	Not Defined	Official Fix	0.00254	0.00	CVE-2012-5565
03/31/2014	5.3	4.7	Horde Webmail Redirect go.php privileges management	Groupware Software	Proof-of-Concept	Unavailable	0.00000	0.02

91 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 91 results.

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!