CVE-2016-2228
REJECTED
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
Risk Scores
EPSS Score
0.58%
69.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | php-horde | 0, 5.2.7+debian0-1, 5.2.8+debian0-1 |
Exploit Intelligence
- [oss-security] 20160206 CVE Request: Horde: Two cross-site scripting vulnerabilities (circl)
- http://bugs.horde.org/ticket/14213 (circl)
- [oss-security] 20160206 Re: CVE Request: Horde: Two cross-site scripting vulnerabilities (circl)
- DSA-3497 (circl)
- FEDORA-2016-3d1183830b (circl)
- [announce] 20160202 [announce] [SECURITY] Horde Groupware Webmail Edition 5.2.12 (final) (circl)
- FEDORA-2016-5d0e7f15ef (circl)
- [announce] 20160202 [announce] [SECURITY] Horde Groupware 5.2.12 (final) (circl)
- https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES (circl)
- https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8 (vulncheck-nvd)
Timeline
- Apr 13, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-2228 third-party-advisory
- https://bugs.horde.org/ticket/14213 third-party-advisory
- http://lists.horde.org/archives/announce/2016/001140.html third-party-advisory
- https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0 third-party-advisory
- https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/02/06/4 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-2228 third-party-advisory