Vulnerabilities in horde
6 resultsCVE-2025-30349HIGHHorde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted tEPSS 30.2%CVE-2020-8866MEDIUMThis vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. AuEPSS 9.6%CVE-2020-8865MEDIUMThis vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. AEPSS 6.8%CVE-2026-60102HIGHHorde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb DriverEPSS 1.8%CVE-2026-58451HIGHHorde IMP < 7.0.1 Path Traversal via Compose.php img srcEPSS 0.4%CVE-2025-41066MEDIUMDisclosure of sensitive information in Horde GroupwareEPSS 0.2%