CVE-2015-8807

Name of the Vulnerable Software and Affected Versions Horde Groupware versions prior to 5.2.12 Horde Groupware Webmail Edition versions prior to 5.2.12

Description A cross-site scripting (XSS) issue exists in the renderVarInput number function, allowing remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

Recommendations For Horde Groupware versions prior to 5.2.12, update to version 5.2.12 or later. For Horde Groupware Webmail Edition versions prior to 5.2.12, update to version 5.2.12 or later.