PT-2017-14634 · Horde · Horde Groupware

Mrubinsk

Published: 2017-11-20 · Updated: 2020-08-29 · CVE-2017-16908

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Horde Groupware version 5.2.19

Description: The issue allows for XSS via the Name field during the creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CSRF protection mechanism can then be bypassed.

Recommendations: For Horde Groupware version 5.2.19, update to a version that fixes this issue to prevent potential exploitation.

Exploit

Fix

RCE

XSS

Weakness Enumeration

Related identifiers

CVE-2017-16908
DLA-2350-1

Affected products

Horde Groupware