horde/base

Releases115

Frequency1 month 2 weeks

Last Release 12 days ago

Stars58

Horde Application Framework

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-8035 ↗	May 18, 2020Monday, 18 May 2020, 15:15	6.1 MEDIUM	4.3 MEDIUM
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVE-2017-16907 ↗	Nov 20, 2017Monday, 20 November 2017, 20:29	—	3.5 LOW
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.