4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.9%
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in
Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows
remote attackers to inject arbitrary web script or HTML via crafted
data:text/html content in a form (1) action or (2) xlink attribute.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | php-horde-text-filter | < any | UNKNOWN |
marc.info/?l=horde-announce&m=147319066126665&w=2
marc.info/?l=horde-announce&m=147319089526753&w=2
github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97
github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424
launchpad.net/bugs/cve/CVE-2016-5303
nvd.nist.gov/vuln/detail/CVE-2016-5303
security-tracker.debian.org/tracker/CVE-2016-5303
www.cve.org/CVERecord?id=CVE-2016-5303
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.9%