CVE-2017-16907
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-16907
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16907.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-16907
Downstream
DEBIAN-CVE-2017-16907
DLA-1535-1
DLA-1536-1
DLA-2348-1
DLA-2349-1
UBUNTU-CVE-2017-16907
Published
2017-11-20T20:29:00Z
Modified
2025-10-24T03:56:25.578087Z
Severity
5.4 (Medium)
CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
References
http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230
https://lists.debian.org/debian-lts-announce/2020/08/msg00046.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00047.html
Affected packages
Git
/
github.com/horde/base
Affected ranges
Type
GIT
Repo
https://github.com/horde/base
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
fb2113bbcd04bd4a28c46aad0889fb0a3979a230
Affected versions
v4.*
v4.0.0
v4.0.0beta1
v4.0.0rc1
v4.0.0rc2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v5.*
v5.0.0
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v5.0.0beta3
v5.0.0beta4
v5.0.0beta5
v5.0.0beta6
v5.0.0rc1
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0beta1
v5.1.0beta2
v5.1.0beta3
v5.1.0rc1
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.2.0
v5.2.0alpha1
v5.2.0beta1
v5.2.0beta2
v5.2.0rc1
v5.2.0rc2
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
Git
/
github.com/horde/base
Affected ranges
Type
GIT
Repo
https://github.com/horde/groupware
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Git
/
github.com/horde/base
Affected ranges
Type
GIT
Repo
https://github.com/horde/horde
Events
Introduced
0
Unknown introduced commit / All previous commits are affected