CVE-2016-2228 — Cross-site Scripting in Php-horde

CWE-79 — Cross-site Scripting8 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 31.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Php-horde Horde Groupware Horde Groupware +2 more

Timeline

PublishedApr 13

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDhorde/groupware5.2.11

▶NVDhorde/horde_groupware5.2.11

▶debiandebian/php-horde< php-horde 5.2.9+debian0-1 (bookworm)

Also affects: Debian Linux 8.0, Fedora 22, 23

🔴Vulnerability Details

GHSA

GHSA-qw64-22p9-qw2r: Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar↗2022-05-14

▶

OSV

CVE-2016-2228: Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar↗2016-04-13

▶

📋Vendor Advisories

Debian

CVE-2016-2228: php-horde - Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html...↗2016

▶

💬Community

Bugzilla

CVE-2016-2228 php-horde-horde: php-horde: reflected cross-site scripting [epel-6]↗2016-02-03

▶

Bugzilla

CVE-2016-2228 php-horde: reflected cross-site scripting↗2016-02-03

▶

Bugzilla

CVE-2016-2228 php-horde-horde: php-horde: reflected cross-site scripting [fedora-all]↗2016-02-03

▶

Bugzilla

CVE-2016-2228 php-horde-horde: php-horde: reflected cross-site scripting [epel-7]↗2016-02-03

▶