Description
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Marcela Benetrix · textwebappsphp
https://www.exploit-db.com/exploits/29519
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2013-6364
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6364
Issue Tracking x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6364
Broken Link x_refsource_misc
http://archives.neohapsis.com/archives/bugtraq/2013-11/0012.html
Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/29519
Third Party Advisory, VDB Entry x_refsource_misc
https://www.securityfocus.com/archive/1/529589
Scores
CVSS v3
8.8
EPSS
0.0195
EPSS Percentile
83.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
CWE-79
Status
published
Products (4)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
horde/groupware
5.1.2
Published
Nov 05, 2019
Tracked Since
Feb 18, 2026