CVE-2008-3650

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

Published: Aug 13, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3650
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
horde / groupware_webmail_edition	1.0.1	1.0.1.x
horde / groupware_webmail_edition	1.1	1.1.x
horde / groupware_webmail_edition	1.0.5	1.0.5.x
horde / groupware_webmail_edition	1.0.7	1.0.7.x
horde / groupware_webmail_edition	1.0.3	1.0.3.x
horde / groupware_webmail_edition	1.0	1.0.x
horde / groupware_webmail_edition	1.0.2	1.0.2.x
horde / groupware_webmail_edition	1.0.6	1.0.6.x
horde / groupware_webmail_edition	1.0.4	1.0.4.x

http://lists.horde.org/archives/announce/2008/000420.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/44479

Vulnerability Database

289,784

CVE-2008-3650