CVE-2015-8807

MEDIUM6.1EPSS 0.68%

php-horde-core - security update

發布日:2016/4/13修改日:2026/4/28

也稱為:DEBIAN-CVE-2015-8807

描述

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

受影響套件(2)

Debian/php-horde-corefrom 0, < 2.22.4+debian0-1
Debian/php-horde-corefrom 0, < 2.15.0+debian0-1+deb8u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-8807