CVE-2017-16906

Name of the Vulnerable Software and Affected Versions Horde Groupware versions 5.2.19 through 5.2.22

Description The issue is related to a Cross-Site Scripting (XSS) attack. XSS is a type of security vulnerability that occurs when an attacker is able to inject malicious scripts into a website, which are then executed by the user's browser. In this case, the XSS attack can be performed via the URL field in a "Calendar -> New Event" action.

Recommendations For Horde Groupware versions 5.2.19 through 5.2.22, consider disabling the "Calendar -> New Event" action until a patch is available to prevent potential XSS attacks. Restrict access to the URL field in this action to minimize the risk of exploitation.