[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-8807Date: (C)2016-04-28   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.1CVSS Score : 4.3
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 2.7Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: NONE
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
DSA-3496
FEDORA-2016-3d1183830b
FEDORA-2016-5d0e7f15ef
http://lists.horde.org/archives/announce/2016/001148.html
http://lists.horde.org/archives/announce/2016/001149.html
http://www.openwall.com/lists/oss-security/2016/02/06/4
http://www.openwall.com/lists/oss-security/2016/02/06/5
https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES
https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253

CPE    4
cpe:/o:fedoraproject:fedora:22
cpe:/o:fedoraproject:fedora:23
cpe:/a:horde:groupware:5.2.11::~~webmail~~~
cpe:/o:debian:debian_linux:8.0
...
CWE    1
CWE-79
OVAL    3
oval:org.secpod.oval:def:602394
oval:org.secpod.oval:def:110203
oval:org.secpod.oval:def:110181

© SecPod Technologies