Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Horde | Groupware | 5.2.15 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=horde-announce&m=147319066126665&w=2Release NotesThird Party Advisory
- http://marc.info/?l=horde-announce&m=147319089526753&w=2Release NotesThird Party Advisory
- http://www.securityfocus.com/bid/94997
- https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97PatchVendor Advisory
- https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424PatchVendor Advisory
- http://marc.info/?l=horde-announce&m=147319066126665&w=2Release NotesThird Party Advisory
- http://marc.info/?l=horde-announce&m=147319089526753&w=2Release NotesThird Party Advisory
- http://www.securityfocus.com/bid/94997
- https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97PatchVendor Advisory
- https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424PatchVendor Advisory
FAQ
What is CVE-2016-5303?
CVE-2016-5303 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTM...
How severe is CVE-2016-5303?
CVE-2016-5303 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5303?
Check the references section above for vendor advisories and patch information. Affected products include: Horde Groupware.