CVE-2015-8807

EUVD-2015-8675
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
hordegroupware
5.2.11
hordegroupware
5.2.11
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php-horde-core
bookworm
2.31.18+debian0-2
fixed
bullseye
2.31.16+debian0-2
fixed
sid
2.31.18+debian0-2
fixed
trixie
2.31.18+debian0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-horde-core
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
dne
trusty
Fixed 2.11.1-2ubuntu0.1~esm1
released
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html
http://lists.horde.org/archives/announce/2016/001148.html
http://lists.horde.org/archives/announce/2016/001149.html
http://www.debian.org/security/2016/dsa-3496
http://www.openwall.com/lists/oss-security/2016/02/06/4
http://www.openwall.com/lists/oss-security/2016/02/06/5
https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES
https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html
http://lists.horde.org/archives/announce/2016/001148.html
http://lists.horde.org/archives/announce/2016/001149.html
http://www.debian.org/security/2016/dsa-3496
http://www.openwall.com/lists/oss-security/2016/02/06/4
http://www.openwall.com/lists/oss-security/2016/02/06/5
https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES
https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253