Mrubinsk

**Name of the Vulnerable Software and Affected Versions** Horde Groupware version 5.2.19 **Description** The issue allows for XSS via the `Name` field during the creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CSRF protection mechanism can then be bypassed. **Recommendations** For Horde Groupware version 5.2.19, update to a version that fixes this issue to prevent potential exploitation.