In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
CVSS Metrics
