Bug 1515688 (CVE-2017-16906, CVE-2017-16907, CVE-2017-16908) - CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulnerabilities
Summary: CVE-2017-16906 CVE-2017-16907 CVE-2017-16908 php-horde-horde: Multiple vulner...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-16906, CVE-2017-16907, CVE-2017-16908
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1515690 1515691
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-21 08:59 UTC by Andrej Nemec
Modified: 2019-09-29 14:25 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-21 09:20:58 UTC
Embargoed:

Attachments (Terms of Use)

Description Andrej Nemec 2017-11-21 08:59:09 UTC 
CVE-2017-16906

In Horde Groupware 5.2.19, there is XSS via the URL field in a "Calendar -> New Event" action.

CVE-2017-16907

In Horde Groupware 5.2.19, there is XSS via the Color field in a Create Task List action.

CVE-2017-16908

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

References:

https://code610.blogspot.cz/2017/11/rce-via-xss-horde-5219.html
Comment 1 Andrej Nemec 2017-11-21 09:00:06 UTC 
Created php-horde-horde tracking bugs for this issue:

Affects: epel-all [bug 1515690]
Affects: fedora-all [bug 1515691]
Comment 2 Remi Collet 2017-11-21 09:06:05 UTC 
php-horde-horde is NOT Horde Groupware.
Note You need to log in before you can comment on or make changes to this bug.