CVE-2019-12094

Опубликовано: 24 окт. 2019

Источник: debian

Описание

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
php-horde	unfixed			package

Примечания

https://bugs.horde.org/ticket/14926 (for the reflected XSS)
Negligible impact and unlikely that upstream will address after fixes
for CVE-2019-12095

Связанные уязвимости

CVE-2019-12094

CVSS3: 6.1

ubuntu

больше 6 лет назад

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.

CVE-2019-12094

CVSS3: 6.1

nvd

больше 6 лет назад

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.

GHSA-wpwg-9p7v-m644

github

больше 3 лет назад

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI, related to the Tag Cloud feature.