| Release | Version |
|---|---|
| jessie (security) | 5.2.1+debian0-2+deb8u3 |
| stretch | 5.2.13+debian0-1 |
| buster | 5.2.17+debian0-3 |
| sid | 5.2.17+debian0-3 |
| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2017-17781 | undetermined | undetermined | undetermined | undetermined | In Horde Groupware through 5.2.22, SQL Injection exists via the group ... |
| CVE-2017-16908 | undetermined | undetermined | undetermined | undetermined | In Horde Groupware 5.2.19, there is XSS via the Name field during ... |
| CVE-2017-16907 | undetermined | undetermined | undetermined | undetermined | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ... |
| CVE-2017-16906 | undetermined | undetermined | undetermined | undetermined | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ... |
| Bug | Description |
|---|---|
| TEMP-0785364-25992B | XSS in group administration |
| CVE-2016-2228 | Cross-site scripting (XSS) vulnerability in ... |
| CVE-2015-7984 | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde ... |
| CVE-2013-6365 | CSRF edit.php |
| CVE-2013-6364 | XSS and CSRF search.php |
| CVE-2013-1090 | The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership ... |
| DSA / DLA | Description |
|---|---|
| DSA-3497-1 | php-horde - security update |
| DSA-3391-1 | php-horde - security update |