Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to unescaped output, possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Groupware_webmail_edition | Horde | 1.0 (including) | 1.0 (including) |
| Groupware_webmail_edition | Horde | 1.0.1 (including) | 1.0.1 (including) |
| Groupware_webmail_edition | Horde | 1.0.2 (including) | 1.0.2 (including) |
| Groupware_webmail_edition | Horde | 1.0.3 (including) | 1.0.3 (including) |
| Groupware_webmail_edition | Horde | 1.0.4 (including) | 1.0.4 (including) |
| Groupware_webmail_edition | Horde | 1.0.5 (including) | 1.0.5 (including) |
| Groupware_webmail_edition | Horde | 1.0.6 (including) | 1.0.6 (including) |
| Groupware_webmail_edition | Horde | 1.0.7 (including) | 1.0.7 (including) |
| Groupware_webmail_edition | Horde | 1.1 (including) | 1.1 (including) |
| Horde3 | Ubuntu | dapper | * |
| Horde3 | Ubuntu | feisty | * |
| Horde3 | Ubuntu | gutsy | * |
| Horde3 | Ubuntu | hardy | * |
| Horde3 | Ubuntu | upstream | * |
| Turba2 | Ubuntu | dapper | * |
| Turba2 | Ubuntu | feisty | * |
| Turba2 | Ubuntu | gutsy | * |
| Turba2 | Ubuntu | upstream | * |