An XSS vulnerability was found in _renderVarInput_number in Horde/Core/Ui/VarRenderer/Html.php, where input in numeric field wasn't properly escaped. Upstream patch: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253 CVE assignment: http://seclists.org/oss-sec/2016/q1/292
Created php-horde-horde tracking bugs for this issue: Affects: fedora-all [bug 1305598] Affects: epel-all [bug 1305599]
php-horde-horde-5.2.9-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
php-horde-horde-5.2.9-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
php-horde-horde-5.2.9-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
php-horde-horde-5.2.9-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.