Vulnerability CVE-2021-26929


Published: 2021-02-14

Description:
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Horde Groupware Webmail 5.2.22 Cross Site Scripting
nu11secur1ty
15.04.2021
High
Webmail Edition 5.2.22 XSS / Remote Code Execution
nu11secur1ty
15.04.2021
Low
htmly 2.8.0 Cross Site Scripting
nu11secur1ty
16.04.2021

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Horde -> Groupware 

 References:
https://github.com/horde/webmail/releases
https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html
https://lists.horde.org/archives/announce/2021/001298.html
https://www.alexbirnberg.com/horde-xss.html
https://www.horde.org/apps/webmail

Copyright 2022, cxsecurity.com

 

Back to Top