CVE-2017-16906

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-16906
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16906.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-16906
Related
Published
2017-11-20T20:29:00Z
Modified
2025-04-20T03:49:35.319792Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

References

Affected packages

Debian:11 / php-horde-kronolith

Package

Name
php-horde-kronolith
Purl
pkg:deb/debian/php-horde-kronolith?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.24-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / php-horde-kronolith

Package

Name
php-horde-kronolith
Purl
pkg:deb/debian/php-horde-kronolith?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.24-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/horde/groupware

Affected ranges

Type
GIT
Repo
https://github.com/horde/groupware
Events
Introduced
861c2461b4c16a64383cfe4daa89eba79dff541a
Last affected
cf488bd4e87e1ff0d9e11a5a3c2d2f805172dd70
Type
GIT
Repo
https://github.com/horde/horde
Events
Introduced
801083b02b92b8ba6710471253ecf4b36943c80d
Last affected
da4d701808c3af4100bd1f2d7f0fd07854267fa9
Type
GIT
Repo
https://github.com/horde/kronolith
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
09d90141292f9ec516a7a2007bf828ce2bbdf60d
Fixed
09d90141292f9ec516a7a2007bf828ce2bbdf60d

Affected versions

ansel-3.*

ansel-3.0.7
ansel-3.0.8

content-2.*

content-2.0.6

gollem-3.*

gollem-3.0.11
gollem-3.0.12

groupware-5.*

groupware-5.2.20
groupware-5.2.21
groupware-5.2.22

horde-5.*

horde-5.2.15
horde-5.2.16
horde-5.2.17

imp-6.*

imp-6.2.19
imp-6.2.20
imp-6.2.21

ingo-3.*

ingo-3.2.15
ingo-3.2.16

kronolith-4.*

kronolith-4.2.21
kronolith-4.2.22
kronolith-4.2.23

mnemo-4.*

mnemo-4.2.14

nag-4.*

nag-4.2.15
nag-4.2.16
nag-4.2.17

passwd-5.*

passwd-5.0.7

timeobjects-2.*

timeobjects-2.1.4

trean-1.*

trean-1.1.8
trean-1.1.9

turba-4.*

turba-4.2.20
turba-4.2.21

v3.*

v3.0.0
v3.0.0alpha1
v3.0.0beta1
v3.0.0rc1
v3.0.0rc2
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9

v4.*

v4.0.0
v4.0.0beta1
v4.0.0beta2
v4.0.0rc1
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.1.0beta1
v4.1.0beta2
v4.1.0rc1
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.2.0
v4.2.0alpha1
v4.2.0alpha2
v4.2.0beta1
v4.2.0beta2
v4.2.0rc1
v4.2.0rc2
v4.2.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.14
v4.2.15
v4.2.16
v4.2.17
v4.2.18
v4.2.19
v4.2.2
v4.2.20
v4.2.21
v4.2.22
v4.2.23
v4.2.24
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9

v5.*

v5.2.19
v5.2.20
v5.2.21
v5.2.22

webmail-5.*

webmail-5.2.19
webmail-5.2.20
webmail-5.2.21
webmail-5.2.22

whups-3.*

whups-3.0.10
whups-3.0.11
whups-3.0.12

wicked-2.*

wicked-2.0.8
wicked-2.0.8rc1