Lucene search

K

MitreCVELIST:CVE-2015-8807

HistoryApr 13, 2016 - 4:00 p.m.

CVE-2015-8807

2016-04-1316:00:00

mitre

www.cve.org

0.004 Low

EPSS

Percentile

74.7%

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

References

lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html

lists.horde.org/archives/announce/2016/001148.html

lists.horde.org/archives/announce/2016/001149.html

www.debian.org/security/2016/dsa-3496

www.openwall.com/lists/oss-security/2016/02/06/4

www.openwall.com/lists/oss-security/2016/02/06/5

github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES

github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253

0.004 Low

EPSS

Percentile

74.7%

Related for CVELIST:CVE-2015-8807

ubuntucve1 debiancve1 osv1 nessus4 openvas4 cve1 debian2 prion1 nvd1 freebsd1 fedora2