CVE-2017-16906 — Cross-site Scripting in Groupware

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 51.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 20

Latest updateMay 13

Description

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶NVDhorde/groupware5.2.19 — 5.2.22

GHSA

GHSA-8xmf-3fcj-f6cr: In Horde Groupware 5↗2022-05-13

▶

CVEList

CVE-2017-16906: In Horde Groupware 5↗2017-11-20

▶

OSV

CVE-2017-16906: In Horde Groupware 5↗2017-11-20

▶

Debian

CVE-2017-16906: php-horde-kronolith - In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar ...↗2017

▶

Bugzilla

CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities [fedora-all]↗2017-11-21

▶

Bugzilla

CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities [epel-all]↗2017-11-21

▶

Bugzilla

CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities↗2017-11-21

▶