PT-2016-6356 · Horde · Horde Groupware Webmail Edition+1

Liuzhu

·

Publicado

2016-12-20

·

Atualizado

2016-12-23

·

CVE-2016-5303

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Horde Groupware and Horde Groupware Webmail Edition versions prior to 5.2.16
Description A cross-site scripting (XSS) issue exists in the Horde Text Filter API, allowing remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form action or xlink attribute.
Recommendations For versions prior to 5.2.16, update to version 5.2.16 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2016-5303

Produtos afetados

Horde Groupware
Horde Groupware Webmail Edition