CVE-2015-8807

MEDIUM6.1EPSS 0.68%

php-horde-core - security update

Published: 4/13/2016Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-8807

Description

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

Affected packages (2)

Debian/php-horde-corefrom 0, < 2.22.4+debian0-1
Debian/php-horde-corefrom 0, < 2.15.0+debian0-1+deb8u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-8807