Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
References
Link | Resource |
---|---|
https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424 | Patch Vendor Advisory |
https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97 | Vendor Advisory Patch |
http://marc.info/?l=horde-announce&m=147319089526753&w=2 | Release Notes Third Party Advisory |
http://marc.info/?l=horde-announce&m=147319066126665&w=2 | Release Notes Third Party Advisory |
http://www.securityfocus.com/bid/94997 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-12-20 14:59
Updated : 2016-12-22 18:59
NVD link : CVE-2016-5303
Mitre link : CVE-2016-5303
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
horde
- groupware