http://bugzilla.suse.com/show_bug.cgi?id=1016755 Bug ID: 1016755 Summary: VUL-0: CVE-2016-5303: php5-pear-Horde_Text_Filter: Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in HordeGroupware and Horde G... Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: lang@b1-systems.de Reporter: meissner@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- CVE-2016-5303 Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5303 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5303.html https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb4... https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b... http://marc.info/?l=horde-announce&m=147319089526753&w=2 http://marc.info/?l=horde-announce&m=147319066126665&w=2 -- You are receiving this mail because: You are on the CC list for the bug.