CVE-2016-2228

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*
cpe:2.3:a:horde:horde_groupware:*:*:*:*:webmail_edition:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Information

Published : 2016-04-13 09:59

Updated : 2019-06-18 09:29


NVD link : CVE-2016-2228

Mitre link : CVE-2016-2228


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

horde

  • groupware
  • horde_groupware

fedoraproject

  • fedora