CVE-2017-16906

CVE-2017-16906

In Horde Groupware 5.2.19, there is XSS via the URL field in a "Calendar -> New Event" action.