Horde


Products by Horde Sorted by Most Security Vulnerabilities since 2018

Horde Groupware: 18 vulnerabilities

Horde Imp: 2 vulnerabilities

Horde Dynamic Imp: 1 vulnerability

Horde: 1 vulnerability

Horde Form: 1 vulnerability

Horde Imp: 1 vulnerability

Horde Mime Viewer: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Horde so far. Last year, in 2025, Horde had 1 security vulnerability published. At this rate Horde is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year  Vulnerabilities  Average CVSS score (0.00 where no score was recorded for that year's entries)
2026 0 0.00
2025 1 0.00
2024 0 0.00
2023 0 0.00
2022 2 6.70
2021 1 6.10
2020 5 0.00
2019 4 7.90
2018 1 0.00

It may take a day or so for new Horde vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name, so the per-product counts above should not be read as complete.

Recent Horde Security Vulnerabilities

Each entry gives the CVE ID and NVD publication date, the NVD description, and the affected Horde products.
CVE-2025-41066 (Dec 02, 2025)
Horde Groupware v5.2.22 User Enumeration via /imp/attachment.php
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to /imp/attachment.php including the parameters id and u. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.
Products: Groupware
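A detection-side check for the probing pattern described in this entry, added here as an example and not code from stack.watch or the Horde project: it parses Apache-style "combined" access-log lines (the sample lines are constructed) and reports client IPs that request /imp/attachment.php with both id and u set for many distinct usernames, which is what walking a username list against this endpoint looks like in the logs. The log layout, the five-username threshold and the path-suffix match are assumptions to adapt to your deployment.

```python
"""Flag user-enumeration probing of /imp/attachment.php in web access logs.

Added example (not stack.watch or Horde code). Assumes Apache "combined"
log lines; SAMPLE_LOG below is constructed. The threshold is an assumption.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# ip ident authuser [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it
    does not match (garbage and truncated lines are skipped, not fatal)."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # keep only the first value of each query parameter
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_enumeration(lines, threshold=5):
    """Return {ip: sorted list of probed usernames} for every client that
    sent /imp/attachment.php?id=...&u=... for at least `threshold`
    distinct u values. A single legitimate download is never reported."""
    probed = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith("/imp/attachment.php"):
            continue
        q = rec["query"]
        if "id" in q and "u" in q:
            probed[rec["ip"]].add(q["u"])
    return {ip: sorted(users) for ip, users in probed.items()
            if len(users) >= threshold}


# Constructed sample: one client walking a username list, one normal user.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Dec/2025:10:15:01 +0000] "GET /imp/attachment.php?id=1&u=alice HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '203.0.113.7 - - [02/Dec/2025:10:15:01 +0000] "GET /imp/attachment.php?id=1&u=bob HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '203.0.113.7 - - [02/Dec/2025:10:15:02 +0000] "GET /imp/attachment.php?id=1&u=carol HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '203.0.113.7 - - [02/Dec/2025:10:15:02 +0000] "GET /imp/attachment.php?id=1&u=dave HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '203.0.113.7 - - [02/Dec/2025:10:15:03 +0000] "GET /imp/attachment.php?id=1&u=erin HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '203.0.113.7 - - [02/Dec/2025:10:15:03 +0000] "GET /imp/attachment.php?id=1&u=alice HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '198.51.100.4 - - [02/Dec/2025:10:16:40 +0000] "GET /imp/attachment.php?id=7&u=erin HTTP/1.1" 200 18342 "https://mail.example.org/imp/" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Dec/2025:10:16:41 +0000] "GET /login.php HTTP/1.1" 200 4120 "-" "Mozilla/5.0"',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    for ip, users in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} distinct usernames probed: {', '.join(users)}")
```

The check keys on distinct u values per client rather than on response size, because the CVE text says the positive case is an empty download, so a byte count alone does not separate a probe from a normal request; repeated probes of the same name are collapsed by the set.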
CVE-2022-30287 (Jul 28, 2022)
Reflection Injection in Horde WebMail 5.2.22 Enables PHP Object Deserialization
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Products: Groupware
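The root cause named in this entry is a class name taken from request data and instantiated directly. The following added example, written in Python as a stand-in for PHP's `new $class` and not Horde code, puts that pattern beside an allowlisted factory: the dynamic loader will build any importable class the caller names, while the factory only knows the drivers it was registered with and rejects everything else before any constructor runs. The driver classes and the `module:Class` naming syntax are assumptions for illustration.

```python
"""Driver lookup by name: dynamic class resolution beside an allowlisted factory.

Added example, not Horde code; Python stand-in for PHP's `new $class`.
Driver classes and the "module:Class" name syntax are assumptions.
"""
import importlib


class ImapDriver:
    def __init__(self, **params):
        self.params = params


class PopDriver:
    def __init__(self, **params):
        self.params = params


def load_driver_unsafe(spec, **params):
    """Vulnerable pattern: resolve "module:Class" from request input and
    instantiate it. Any importable class becomes reachable, which is the
    reflection-injection primitive the CVE describes; what happens next
    depends only on which constructors and magic methods the attacker
    can find."""
    module_name, _, class_name = spec.partition(":")
    cls = getattr(importlib.import_module(module_name), class_name)
    return cls(**params)


# Hardened pattern: the request selects a key, never a class name.
DRIVERS = {
    "imap": ImapDriver,
    "pop3": PopDriver,
}


def load_driver_safe(name, **params):
    """Only classes registered in DRIVERS can be constructed; an unknown
    name is rejected before any code from the named class runs."""
    try:
        cls = DRIVERS[name]
    except KeyError:
        raise ValueError(f"unknown driver {name!r}") from None
    return cls(**params)


if __name__ == "__main__":
    # The unsafe loader happily returns an object of a class that has
    # nothing to do with mail drivers.
    print(type(load_driver_unsafe("decimal:Decimal")).__name__)
    print(type(load_driver_safe("imap", host="mail.example.org")).__name__)
    try:
        load_driver_safe("decimal:Decimal")
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist is a plain dict rather than a string check on the class name, so there is no prefix or namespace trick to get past; extending it means adding an entry, not loosening a pattern.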
CVE-2022-26874 (Mar 11, 2022)
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
Products: Horde Mime Viewer
CVE-2021-26929 (Feb 14, 2021)
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
Products: Groupware
CVE-2020-8034 (May 18, 2020)
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
Products: Groupware
CVE-2020-8035 (May 18, 2020)
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
Products: Groupware
CVE-2020-8865 (Mar 23, 2020)
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.
Products: Groupware
CVE-2020-8866 (Mar 23, 2020)
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
Products: Groupware, Horde Form
CVE-2020-8518 (Feb 17, 2020)
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Products: Groupware
CVE-2013-6365 (Nov 05, 2019)
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions.
Products: Groupware
CVE-2019-12095 (Oct 24, 2019)
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Products: Groupware
CVE-2019-12094 (Oct 24, 2019)
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
Products: Groupware
CVE-2019-9858 (May 29, 2019)
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)
Products: Groupware
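Both CVE-2020-8865 above (params[template] used in file operations without path validation) and this entry (object[photo][img][file] steering the move_uploaded_file() destination) come down to a filesystem path built from request data that is never checked against the directory it is meant to stay in. The added example below, in Python rather than PHP and not Horde code, contrasts the unchecked join with a containment check and with the secure default the CVE text mentions, a server-generated random name. The upload directory and the file extension are assumptions.

```python
"""Upload destination handling: unchecked join, containment check, random name.

Added example, not Horde code. UPLOAD_ROOT and the extension are assumptions.
"""
import os
import secrets

UPLOAD_ROOT = "/var/lib/horde/uploads"  # assumed destination directory


class UnsafePath(ValueError):
    pass


def destination_unchecked(root, requested_name):
    """Vulnerable pattern: trust the client-supplied name. A name such as
    '../usr/share/horde/static/bd.php' normalises to a path outside root,
    which is exactly the write primitive in CVE-2019-9858."""
    return os.path.normpath(os.path.join(root, requested_name))


def destination_checked(root, requested_name):
    """Resolve the candidate and refuse it unless it is still under root.
    realpath() collapses '..' and symlinks; commonpath() compares whole
    path components, so '/uploads_evil' is not mistaken for '/uploads/...'.
    An absolute requested_name is also caught: os.path.join discards root
    for it, and the result then fails the containment test."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, requested_name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise UnsafePath(f"{requested_name!r} escapes {root}")
    return target


def destination_random(root, ext=".bin"):
    """What the form's secure default does: ignore any client-supplied name
    and pick a random one, which cannot contain separators or '..'. It is
    still passed through the containment check so a bad root is caught."""
    return destination_checked(root, secrets.token_hex(16) + ext)


if __name__ == "__main__":
    evil = "../usr/share/horde/static/bd.php"
    print("unchecked :", destination_unchecked(UPLOAD_ROOT, evil))
    try:
        destination_checked(UPLOAD_ROOT, evil)
    except UnsafePath as exc:
        print("checked   : rejected,", exc)
    print("random    :", destination_random(UPLOAD_ROOT))
```

The random-name variant is the one to prefer for uploads: the containment check stops traversal, but it still lets the client choose an extension, so a .php name under a web-served directory would remain executable.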
CVE-2017-17688 (May 16, 2018)
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.
Products: Horde Imp
CVE-2017-16908 (Nov 20, 2017)
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
Products: Groupware
CVE-2017-16907 (Nov 20, 2017)
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
Products: Groupware
CVE-2017-16906 (Nov 20, 2017)
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
Products: Groupware
CVE-2017-15235 (Oct 11, 2017)
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Products: Groupware
CVE-2015-7984 (Nov 19, 2015)
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
Products: Groupware, Horde Application Framework
CVE-2012-0791 (Jan 24, 2012)
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
Products: Imp, Dynamic Imp, Groupware Webmail Edition, and others...
CVE-2010-1638 (Jun 22, 2010)
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
Products: Horde
CVE-2007-1679 (Mar 26, 2007)
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.
Products: Groupware
CVE-2002-2024 (Dec 31, 2002)
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
Products: Imp
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).