CVE-2012-0909
Horde Groupware Webmail <4.0.6 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.
References (5)
Scores
EPSS
0.0029
EPSS Percentile
52.5%
Classification
CWE
CWE-79
Status
published
Affected Products (44)
horde/groupware_webmail_edition
< 4.0.5
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
horde/groupware_webmail_edition
... and 29 more
Timeline
Published
Jan 24, 2012
Tracked Since
Feb 18, 2026