CVE-2017-16906

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-16906

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16906.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16906

Downstream

DEBIAN-CVE-2017-16906

DLA-1537-1

DLA-2351-1

UBUNTU-CVE-2017-16906

Published

2017-11-20T20:29:00.340Z

Modified

2025-12-11T01:51:47.971848Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

References

Affected packages

Git / github.com/horde/groupware

Affected ranges

Type: GIT
Repo: https://github.com/horde/groupware
Events: Introduced

861c2461b4c16a64383cfe4daa89eba79dff541a

Affected versions

v5.*

v5.2.19

v5.2.20

v5.2.21

v5.2.22

Git / github.com/horde/horde

Affected ranges

Type: GIT
Repo: https://github.com/horde/horde
Events: Introduced

801083b02b92b8ba6710471253ecf4b36943c80d

Affected versions

ansel-3.*

ansel-3.0.7

ansel-3.0.8

content-2.*

content-2.0.6

gollem-3.*

gollem-3.0.11

gollem-3.0.12

groupware-5.*

groupware-5.2.20

groupware-5.2.21

groupware-5.2.22

horde-5.*

horde-5.2.15

horde-5.2.16

horde-5.2.17

imp-6.*

imp-6.2.19

imp-6.2.20

imp-6.2.21

ingo-3.*

ingo-3.2.15

ingo-3.2.16

kronolith-4.*

kronolith-4.2.21

kronolith-4.2.22

kronolith-4.2.23

mnemo-4.*

mnemo-4.2.14

nag-4.*

nag-4.2.15

nag-4.2.16

nag-4.2.17

passwd-5.*

passwd-5.0.7

timeobjects-2.*

timeobjects-2.1.4

trean-1.*

trean-1.1.8

trean-1.1.9

turba-4.*

turba-4.2.20

turba-4.2.21

webmail-5.*

webmail-5.2.19

webmail-5.2.20

webmail-5.2.21

webmail-5.2.22

whups-3.*

whups-3.0.10

whups-3.0.11

whups-3.0.12

wicked-2.*

wicked-2.0.8

wicked-2.0.8rc1

Git / github.com/horde/kronolith

Affected ranges

Type: GIT
Repo: https://github.com/horde/kronolith
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

09d90141292f9ec516a7a2007bf828ce2bbdf60d

Affected versions

v3.*

v3.0.0

v3.0.0alpha1

v3.0.0beta1

v3.0.0rc1

v3.0.0rc2

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.13

v3.0.14

v3.0.15

v3.0.16

v3.0.17

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v4.*

v4.0.0

v4.0.0beta1

v4.0.0beta2

v4.0.0rc1

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.1.0

v4.1.0beta1

v4.1.0beta2

v4.1.0rc1

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.2.0

v4.2.0alpha1

v4.2.0alpha2

v4.2.0beta1

v4.2.0beta2

v4.2.0rc1

v4.2.0rc2

v4.2.1

v4.2.10

v4.2.11

v4.2.12

v4.2.13

v4.2.14

v4.2.15

v4.2.16

v4.2.17

v4.2.18

v4.2.19

v4.2.2

v4.2.20

v4.2.21

v4.2.22

v4.2.23

v4.2.24

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.2.7

v4.2.8

v4.2.9