
Horde Groupware Webmail <= 5.2.22 XSS Vulnerability CVE-2021-26929

Severity
CVSSv3 Score: 6.1
Vulnerability description

Horde Groupware Webmail is prone to a cross-site scripting (XSS) vulnerability.

Risk description

An attacker can send a plain-text e-mail message with JavaScript encoded as a link or email, which preProcess in Text2html.php mishandles because its bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.

Recommendation

Update to version 5.2.23.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 14, 2021
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available