CVE-2017-16907 — Cross-site Scripting in Groupware

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 54.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 20

Latest updateMay 13

Description

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶NVDhorde/groupware5.2.19, 5.2.21+1

GHSA

GHSA-mfv6-g85c-7863: In Horde Groupware 5↗2022-05-13

▶

OSV

CVE-2017-16907: In Horde Groupware 5↗2017-11-20

▶

CVEList

CVE-2017-16907: In Horde Groupware 5↗2017-11-20

▶

Debian

CVE-2017-16907: php-horde - In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Crea...↗2017

▶

Bugzilla

CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities [fedora-all]↗2017-11-21

▶

Bugzilla

CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities [epel-all]↗2017-11-21

▶

Bugzilla

CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities↗2017-11-21

▶