Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-8807

Published: 13/04/2016 Updated: 18/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Fedora

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware prior to 5.2.12 and Horde Groupware Webmail Edition prior to 5.2.12 allows remote malicious users to inject arbitrary web script or HTML via vectors involving numeric form fields.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 23

fedoraproject fedora 22

horde groupware 5.2.11

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: php-horde-core: CVE-2015-8807: XSS in Horde_Core_VarRenderer_Html
Debian Bug report logs - #813590 php-horde-core: CVE-2015-8807: XSS in Horde_Core_VarRenderer_Html Package: php-horde-core; Maintainer for php-horde-core is Horde Maintainers <team+debian-horde-team@trackerdebianorg>; Source for php-horde-core is src:php-horde-core (PTS, buildd, popcon) Reported by: Mathieu Parent <math ...
Debian Security Advisories: DSA-3496-1 php-horde-core -- security update
It was discovered that php-horde-core, a set of classes providing the core functionality of the Horde Application Framework, is prone to a cross-site scripting vulnerability For the stable distribution (jessie), this problem has been fixed in version 2150+debian0-1+deb8u1 For the testing distribution (stretch), this problem has been fixed in ve ...

References

CWE-79http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.htmlhttp://lists.horde.org/archives/announce/2016/001148.htmlhttp://www.debian.org/security/2016/dsa-3496http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.htmlhttp://lists.horde.org/archives/announce/2016/001149.htmlhttps://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253http://www.openwall.com/lists/oss-security/2016/02/06/4http://www.openwall.com/lists/oss-security/2016/02/06/5https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGEShttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813590https://nvd.nist.govhttps://www.debian.org/security/./dsa-3496
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook