Vulnerability Database

310,469

Total vulnerabilities in the database

CVE-2016-5303

Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.

Published: Dec 20, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-5303
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
horde / groupware	5.2.15	5.2.15.x

http://marc.info/?l=horde-announce&m=147319066126665&w=2
http://marc.info/?l=horde-announce&m=147319089526753&w=2
http://www.securityfocus.com/bid/94997
https://github.com/horde/horde/commit/30d5506c20d26efbb9942fbdc6f981a0bd333b97
https://github.com/horde/horde/commit/4d8176d1e9ef5cbd2b3fcacd9b9a4c8e482fb424

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo