4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
59.0%
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework
before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail
Edition before 1.2.5 does not properly handle data: URIs, which allows
remote attackers to conduct cross-site scripting (XSS) attacks via
data:text/html values for the HREF attribute of an A element in an HTML
e-mail message. NOTE: the vendor states that the issue is caused by “an
XSS vulnerability in Firefox browsers.”