Cross-Site Scripting Vulnerability in Horde Groupware Affecting Specific Versions
CVE-2017-16907

5.4MEDIUM

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
20 November 2017

What is CVE-2017-16907?

Horde Groupware versions 5.2.19 and 5.2.21 are prone to a Cross-Site Scripting vulnerability via the Color field during the Create Task List action. This flaw may allow attackers to inject malicious scripts, potentially compromising user data and account security. It is recommended for users of affected versions to apply the latest security updates to mitigate any risks associated with this vulnerability.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.