20 Nov 2017
CVE-2017-16908 - CVE Vulnerability
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. (CVSS:0.0) (Last Update:2017-11-20)
Vulnerability Details : In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. Publish Date : 2017-11-20 Last Update Date : 2017-11-20 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-16908
- References For CVE-2017-16908
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-16908There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |