Horde · Horde Groupware Webmail Edition · CVE-2016-5303
**Name of the Vulnerable Software and Affected Versions**
Horde Groupware and Horde Groupware Webmail Edition versions prior to 5.2.16
**Description**
A cross-site scripting (XSS) issue exists in the Horde Text Filter API, allowing remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form action or xlink attribute.
**Recommendations**
For versions prior to 5.2.16, update to version 5.2.16 or later to resolve the issue.