Medium severity6.1OSV Advisory· Published Dec 20, 2016· Updated Jun 17, 2026
CVE-2016-5303
CVE-2016-5303
Description
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: ApertureToAnselExportPlugin-1.0.0alpha1, ansel-2.0.0, ansel-2.0.0alpha1, …
cpe:2.3:a:horde:groupware:5.2.15:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:horde:groupware:5.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:horde:groupware:5.2.15:*:*:*:webmail:*:*:*
- (no CPE)range: <5.2.16
- Range: <5.2.16
Patches
Vulnerability mechanics
References
5- github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97nvdPatchVendor Advisory
- github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424nvdPatchVendor Advisory
- marc.infonvdRelease NotesThird Party Advisory
- marc.infonvdRelease NotesThird Party Advisory
- www.securityfocus.com/bid/94997nvd
News mentions
0No linked articles in our index yet.