CVE-2015-8807 — Cross-site Scripting in Php-horde-core

CWE-79 — Cross-site Scripting8 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 28.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Php-horde-core Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedApr 13

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶debiandebian/php-horde-core< php-horde-core 2.22.4+debian0-1 (bookworm)

▶NVDhorde/groupware5.2.11

Also affects: Debian Linux 8.0, Fedora 22, 23

🔴Vulnerability Details

GHSA

GHSA-whm8-gjx5-crg3: Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html↗2022-05-14

▶

OSV

CVE-2015-8807: Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html↗2016-04-13

▶

CVEList

CVE-2015-8807: Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html↗2016-04-13

▶

📋Vendor Advisories

Debian

CVE-2015-8807: php-horde-core - Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function ...↗2015

▶

💬Community

Bugzilla

CVE-2015-8807 php-horde-Horde: Cross-site scripting in _renderVarInput_number [fedora-all]↗2016-02-08

▶

Bugzilla

CVE-2015-8807 php-horde-Horde: Cross-site scripting in _renderVarInput_number [epel-all]↗2016-02-08

▶

Bugzilla

CVE-2015-8807 php-horde-Horde: Cross-site scripting in _renderVarInput_number↗2016-02-08

▶