XSS Vulnerability in Horde Groupware 5.2.19-5.2.22 via Calendar -> New Event URL Field

XSS Vulnerability in Horde Groupware 5.2.19-5.2.22 via Calendar -> New Event URL Field

CVE-2017-16906 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

Learn more about our Web Application Penetration Testing UK.