CVE-2016-5303

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:horde:groupware:5.2.15:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:5.2.15:*:*:*:webmail:*:*:*

Information

Published : 2016-12-20 14:59

Updated : 2016-12-22 18:59


NVD link : CVE-2016-5303

Mitre link : CVE-2016-5303


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

horde

  • groupware