| Title | Published | Views | Family |
|---|---|---|---|
| Horde Groupware Webmail Edition 5.2.22 XSS / Remote Code Execution Exploit | 14 Apr 2021 00:00 | – | zdt |
| htmly 2.8.0 Cross Site Scripting Exploit | 15 Apr 2021 00:00 | – | zdt |
| CVE-2021-26929 | 14 Feb 2021 07:45 | – | circl |
| Horde Groupware Webmail Cross-Site Scripting Vulnerability | 13 Feb 2021 00:00 | – | cnnvd |
| Horde Groupware Webmail Cross-Site Scripting Vulnerability (CNVD-2021-14154) | 25 Feb 2021 00:00 | – | cnvd |
| CVE-2021-26929 | 14 Feb 2021 03:43 | – | cvelist |
| [SECURITY] [DLA 2564-1] php-horde-text-filter security update | 19 Feb 2021 06:50 | – | debian |
| CVE-2021-26929 | 14 Feb 2021 03:43 | – | debiancve |
| Debian DLA-2564-1 : php-horde-text-filter security update | 22 Feb 2021 00:00 | – | nessus |
| Linux Distros Unpatched Vulnerability : CVE-2021-26929 | 30 Aug 2025 00:00 | – | nessus |

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| token | request body | services/ajax.php/imp/deleteMessages | Stored XSS via crafted mailbox deletion workflow leading to injection payload in email processing (imp/deleteMessages). | CWE-79 |
| view | request body | services/ajax.php/imp/deleteMessages | Stored XSS via crafted mailbox deletion workflow leading to injection payload in email processing (imp/deleteMessages). | CWE-79 |
| buid | request body | services/ajax.php/imp/deleteMessages | Stored XSS via crafted mailbox deletion workflow leading to injection payload in email processing (imp/deleteMessages). | CWE-79 |
| token | request body | services/ajax.php/imp/purgeDeleted | Stored XSS risk during purgeDeleted call that may process crafted tokens/view data. | CWE-79 |
| view | request body | services/ajax.php/imp/purgeDeleted | Stored XSS risk during purgeDeleted call that may process crafted tokens/view data. | CWE-79 |
| reload | request body | services/ajax.php/imp/listMailboxes | Potential XSS exposure while listing mailboxes through AJAX endpoint processing supplied params. | CWE-79 |
| unsub | request body | services/ajax.php/imp/listMailboxes | Potential XSS exposure while listing mailboxes through AJAX endpoint processing supplied params. | CWE-79 |
| token | request body | services/ajax.php/imp/listMailboxes | Potential XSS exposure while listing mailboxes through AJAX endpoint processing supplied params. | CWE-79 |
| mbox_list | query param | services/download/?app=imp&actionID=download_mbox | Download endpoint used to exfiltrate mailbox data; may be abused to deliver payload via mbox zip and trigger XSS upon processing. | CWE-79 |
| token | query param | services/download/?app=imp&actionID=download_mbox | Download endpoint used to exfiltrate mailbox data; may be abused to deliver payload via mbox zip and trigger XSS upon processing. | CWE-79 |