CVE-2017-16907

Source
https://cve.org/CVERecord?id=CVE-2017-16907
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16907.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-16907
Downstream
Published
2017-11-20T20:29:00.387Z
Modified
2026-07-08T05:49:58.397545045Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:horde:groupware:5.2.19:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "5.2.19"
                },
                {
                    "last_affected": "5.2.19"
                }
            ],
            "vendor_product": "horde:groupware",
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/horde/base

Affected ranges

Type
GIT
Repo
https://github.com/horde/base
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v4.*
v4.0.0
v4.0.0beta1
v4.0.0rc1
v4.0.0rc2
v4.0.1
v5.*
v5.0.0
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v5.0.0beta3
v5.0.0beta4
v5.0.0beta5
v5.0.0beta6
v5.0.0rc1
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0beta1
v5.1.0beta2
v5.1.0beta3
v5.1.0rc1
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.2.0
v5.2.0alpha1
v5.2.0beta1
v5.2.0beta2
v5.2.0rc1
v5.2.0rc2
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.18
v5.2.19
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16907.json"

Git / github.com/horde/groupware

Affected ranges

Type
GIT
Repo
https://github.com/horde/groupware
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:horde:groupware:5.2.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:horde:groupware:5.2.21:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "5.2.19"
        },
        {
            "last_affected": "5.2.19"
        },
        {
            "introduced": "5.2.21"
        },
        {
            "last_affected": "5.2.21"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

5.*
5.2.19
5.2.21
v5.*
v5.2.19
v5.2.20
v5.2.21

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16907.json"

Git / github.com/horde/horde

Affected ranges

Type
GIT
Repo
https://github.com/horde/horde
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:horde:groupware:5.2.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:horde:groupware:5.2.21:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "5.2.19"
        },
        {
            "last_affected": "5.2.19"
        },
        {
            "introduced": "5.2.21"
        },
        {
            "last_affected": "5.2.21"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

5.*
5.2.19
5.2.21
ansel-3.*
ansel-3.0.7
gollem-3.*
gollem-3.0.11
groupware-5.*
groupware-5.2.20
groupware-5.2.21
horde-5.*
horde-5.2.15
horde-5.2.16
imp-6.*
imp-6.2.19
imp-6.2.20
ingo-3.*
ingo-3.2.15
kronolith-4.*
kronolith-4.2.21
kronolith-4.2.22
nag-4.*
nag-4.2.15
trean-1.*
trean-1.1.8
turba-4.*
turba-4.2.20
webmail-5.*
webmail-5.2.19
webmail-5.2.20
webmail-5.2.21
whups-3.*
whups-3.0.10
whups-3.0.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16907.json"