Lucene search

PRIOn knowledge basePRION:CVE-2015-8807

HistoryApr 13, 2016 - 4:59 p.m.

Cross site scripting

2016-04-1316:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

CPENameOperatorVersion
debian_linuxeq8.0
fedoraeq22
fedoraeq23
groupwareeq5.2.11
groupwareeq5.2.11

Name	Operator	Version
debian_linux	eq	8.0
fedora	eq	22
fedora	eq	23
groupware	eq	5.2.11
groupware	eq	5.2.11

References

lists.horde.org/archives/announce/2016/001148.html

lists.horde.org/archives/announce/2016/001149.html

www.debian.org/security/2016/dsa-3496

www.openwall.com/lists/oss-security/2016/02/06/4

www.openwall.com/lists/oss-security/2016/02/06/5

github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES

github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253

lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html