In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a “Calendar -> New Event” action.
CPE | Name | Operator | Version |
---|---|---|---|
horde | eq | 4.2.0alpha2 | |
horde | eq | 4.0.0 | |
horde | eq | 4.2.0beta1 | |
horde | eq | 4.0.2 | |
horde | eq | 4.2.16 | |
horde | eq | 3.0.6 | |
horde | eq | wicked-2.0.8rc1 | |
horde | eq | 3.0.0alpha1 | |
horde | eq | 3.0.14 | |
horde | eq | wicked-2.0.8 |