QwikSec

Security Database

CVE

CWE

Training

CVE-2016-2228

Published: Apr 13, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20160206 CVE Request: Horde: Two cross-site scripting vulnerabilities

mailing-list

x_refsource_MLIST

http://bugs.horde.org/ticket/14213

x_refsource_CONFIRM

[oss-security] 20160206 Re: CVE Request: Horde: Two cross-site scripting vulnerabilities

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

FEDORA-2016-3d1183830b

vendor-advisory

x_refsource_FEDORA

[announce] 20160202 [announce] [SECURITY] Horde Groupware Webmail Edition 5.2.12 (final)

mailing-list

x_refsource_MLIST

FEDORA-2016-5d0e7f15ef

vendor-advisory

x_refsource_FEDORA

[announce] 20160202 [announce] [SECURITY] Horde Groupware 5.2.12 (final)

mailing-list

x_refsource_MLIST

https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES

x_refsource_CONFIRM

https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.