CVE-2017-16906

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-16906

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16906.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16906

Downstream

DEBIAN-CVE-2017-16906

DLA-1537-1

DLA-2351-1

UBUNTU-CVE-2017-16906

Published

2017-11-20T20:29:00.340Z

Modified

2026-04-10T03:57:59.195974Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

References

Affected packages

Git / github.com/horde/horde

Affected ranges

Type

GIT

Repo

https://github.com/horde/horde

Events

Introduced

801083b02b92b8ba6710471253ecf4b36943c80d

Last affected

da4d701808c3af4100bd1f2d7f0fd07854267fa9

Database specific

{
    "versions": [
        {
            "introduced": "5.2.19"
        },
        {
            "last_affected": "5.2.22"
        }
    ]
}

Type: GIT
Repo: https://github.com/horde/kronolith
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

09d90141292f9ec516a7a2007bf828ce2bbdf60d

Affected versions

ansel-3.*

ansel-3.0.7

ansel-3.0.8

content-2.*

content-2.0.6

gollem-3.*

gollem-3.0.11

gollem-3.0.12

groupware-5.*

groupware-5.2.20

groupware-5.2.21

groupware-5.2.22

horde-5.*

horde-5.2.15

horde-5.2.16

horde-5.2.17

imp-6.*

imp-6.2.19

imp-6.2.20

imp-6.2.21

ingo-3.*

ingo-3.2.15

ingo-3.2.16

kronolith-4.*

kronolith-4.2.21

kronolith-4.2.22

kronolith-4.2.23

mnemo-4.*

mnemo-4.2.14

nag-4.*

nag-4.2.15

nag-4.2.16

nag-4.2.17

passwd-5.*

passwd-5.0.7

timeobjects-2.*

timeobjects-2.1.4

trean-1.*

trean-1.1.8

trean-1.1.9

turba-4.*

turba-4.2.20

turba-4.2.21

v3.*

v3.0.0

v3.0.0alpha1

v3.0.0beta1

v3.0.0rc1

v3.0.0rc2

v3.0.1

v4.*

v4.0.0

v4.0.0beta1

v4.0.0beta2

v4.0.0rc1

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.1.0

v4.1.0beta1

v4.1.0beta2

v4.1.0rc1

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.2.0

v4.2.0alpha1

v4.2.0alpha2

v4.2.0beta1

v4.2.0beta2

v4.2.0rc1

v4.2.0rc2

v4.2.1

v4.2.10

v4.2.11

v4.2.12

v4.2.13

v4.2.14

v4.2.15

v4.2.16

v4.2.17

v4.2.18

v4.2.19

v4.2.2

v4.2.20

v4.2.21

v4.2.22

v4.2.23

v4.2.24

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.2.7

v4.2.8

v4.2.9

webmail-5.*

webmail-5.2.19

webmail-5.2.20

webmail-5.2.21

webmail-5.2.22

whups-3.*

whups-3.0.10

whups-3.0.11

whups-3.0.12

wicked-2.*

wicked-2.0.8

wicked-2.0.8rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16906.json"