CVE-2016-5303

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
hordegroupware
5.2.15
hordegroupware
5.2.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php-horde-text-filter
sid
2.3.7-1
fixed
trixie
2.3.7-1
fixed
bookworm
2.3.7-1
fixed
bullseye
2.3.7-1
fixed
jessie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-horde-text-filter
noble
dne
mantic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
ignored
xenial
needed
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://marc.info/?l=horde-announce&m=147319066126665&w=2
http://marc.info/?l=horde-announce&m=147319089526753&w=2
http://www.securityfocus.com/bid/94997
https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97
https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424
http://marc.info/?l=horde-announce&m=147319066126665&w=2
http://marc.info/?l=horde-announce&m=147319089526753&w=2
http://www.securityfocus.com/bid/94997
https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97
https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424