QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5303

Published: Dec 20, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97

x_refsource_CONFIRM

[horde-announce] 20160906 [SECURITY] Horde Groupware 5.2.16 (final)

mailing-list

x_refsource_MLIST

[horde-announce] 20160906 [SECURITY] Horde Groupware Webmail Edition 5.2.16 (final)

mailing-list

x_refsource_MLIST

https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.