CVE-2008-3650

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
hordegroupware_webmail_edition
1.0
hordegroupware_webmail_edition
1.0.1
hordegroupware_webmail_edition
1.0.2
hordegroupware_webmail_edition
1.0.3
hordegroupware_webmail_edition
1.0.4
hordegroupware_webmail_edition
1.0.5
hordegroupware_webmail_edition
1.0.6
hordegroupware_webmail_edition
1.0.7
hordegroupware_webmail_edition
1.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
horde3
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
turba2
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
feisty
ignored
dapper
ignored
References
http://lists.horde.org/archives/announce/2008/000420.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/44479
http://lists.horde.org/archives/announce/2008/000420.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/44479