Cross-Site Scripting Vulnerability in Horde Groupware by Horde
CVE-2017-16908
5.4 MEDIUM
What is CVE-2017-16908?
In Horde Groupware 5.2.19, an XSS vulnerability exists in the Name field during the creation of a new Resource. Attackers can leverage this weakness to execute remote code by compromising an administrator account. Due to a flaw in the CSRF protection mechanism, specifically related to CVE-2015-7984, the security measures in place can be bypassed, allowing for escalated privileges and further exploitation.
