CVE-2016-5303 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://marc.info/?l=horde-announce&m=147319066126665&w=2 http://marc.info/?l=horde-announce&m=147319089526753&w=2 http://www.securityfocus.com/bid/94997 https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97 https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: