CVE-2016-5303

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:horde:groupware:5.2.15:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:5.2.15:*:*:*:webmail:*:*:*

History

No history.

Information

Published : 2016-12-20 22:59

Updated : 2024-02-04 19:11


NVD link : CVE-2016-5303

Mitre link : CVE-2016-5303

CVE.ORG link : CVE-2016-5303


JSON object : View

Products Affected

horde

  • groupware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')