PT-2016-5074 · Horde · Horde Groupware Webmail Edition+1

Salvatore Bonaccorso

·

Publicado

2016-02-28

·

Atualizado

2019-06-18

·

CVE-2016-2228

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Horde Groupware versions prior to 5.2.12 Horde Groupware Webmail Edition versions prior to 5.2.12
Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter. This can be demonstrated by a request to "xplorer/gollem/manager.php".
Recommendations For Horde Groupware versions prior to 5.2.12, update to version 5.2.12 or later. For Horde Groupware Webmail Edition versions prior to 5.2.12, update to version 5.2.12 or later. As a temporary workaround, consider restricting access to the searchfield parameter in the affected API endpoint until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2016-2228
DSA-3497-1

Produtos afetados

Horde Groupware
Horde Groupware Webmail Edition