Published: 20/11/2017 Updated: 29/08/2020

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
horde groupware

Debian Bug report logs - #909738 php-horde-kronolith: CVE-2017-16908 XSS via Name field Package: php-horde-kronolith; Maintainer for php-horde-kronolith is Horde Maintainers <team+debian-horde-team@trackerdebianorg>; Source for php-horde-kronolith is src:php-horde-kronolith (PTS, buildd, popcon) Reported by: Markus Koschan ...

Debian Bug report logs - #909737 php-horde-kronolith: CVE-2017-16906 XSS via URL field Package: php-horde-kronolith; Maintainer for php-horde-kronolith is Horde Maintainers <team+debian-horde-team@trackerdebianorg>; Source for php-horde-kronolith is src:php-horde-kronolith (PTS, buildd, popcon) Reported by: Markus Koschany ...

CWE-79 http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html https://github.com/starnightcyber/Miscellaneous/blob/master/Horde/README.md https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d https://lists.debian.org/debian-lts-announce/2020/08/msg00049.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909738

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-16906

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect