CVE-2017-16906

MEDIUM5.4EPSS 0.25%

php-horde-kronolith - security update

Published: 11/20/2017Modified: 4/28/2026

Description

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N