Lucene search

K
osvGoogleOSV:CVE-2017-16908
HistoryNov 20, 2017 - 8:29 p.m.

CVE-2017-16908

2017-11-2020:29:00
Google
osv.dev
3

6.7 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

6.7 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%