FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-8807

This CVE name corresponds to:

Entered Topic
2016-02-14 horde -- XSS vulnerabilies

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2015-8807
Phase Assigned(20160204)

Description

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

References

Source Reference
MLIST [announce] 20160202 [announce] [SECURITY] Horde Groupware 5.2.12 (final)
MLIST [announce] 20160202 [announce] [SECURITY] Horde Groupware Webmail Edition 5.2.12 (final)
MLIST [oss-security] 20160206 CVE Request: Horde: Two cross-site scripting vulnerabilities
MLIST [oss-security] 20160206 Re: CVE Request: Horde: Two cross-site scripting vulnerabilities
CONFIRM https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES
CONFIRM https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
DEBIAN DSA-3496
FEDORA FEDORA-2016-3d1183830b
FEDORA FEDORA-2016-5d0e7f15ef