CVE-2016-5303

EUVD-2016-6254
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
hordegroupware
5.2.15
hordegroupware
5.2.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php-horde-text-filter
bookworm
2.3.7-1
fixed
bullseye
2.3.7-1
fixed
jessie
no-dsa
sid
2.3.7-1
fixed
trixie
2.3.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-horde-text-filter
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
mantic
dne
noble
dne
precise
dne
trusty
dne
xenial
needed
yakkety
ignored
zesty
not-affected
Common Weakness Enumeration
References
http://marc.info/?l=horde-announce&m=147319066126665&w=2
http://marc.info/?l=horde-announce&m=147319089526753&w=2
http://www.securityfocus.com/bid/94997
https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97
https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424
http://marc.info/?l=horde-announce&m=147319066126665&w=2
http://marc.info/?l=horde-announce&m=147319089526753&w=2
http://www.securityfocus.com/bid/94997
https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97
https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424