Lucene search
K

CVE-2021-26929

🗓️ 14 Feb 2021 03:43:49Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 160 Views🌐 WEB

An XSS issue in Horde Groupware Webmail Edition 5.2.22 allows email-based JavaScript executio

Related
Detection
Refs
Paths
Social
NVD
Node
hordegroupwareRange5.2.22webmail
Node
ParameterPositionPathDescriptionCWE
tokenrequest bodyservices/ajax.php/imp/deleteMessagesStored XSS via crafted email content processed by Horde Groupware Webmail when viewing messages, enabling injection in XSS defenses.CWE-79
viewrequest bodyservices/ajax.php/imp/deleteMessagesStored XSS via crafted email content processed by Horde Groupware Webmail when viewing messages, enabling injection in XSS defenses.CWE-79
buidrequest bodyservices/ajax.php/imp/deleteMessagesStored XSS via crafted email content processed by Horde Groupware Webmail when viewing messages, enabling injection in XSS defenses.CWE-79
tokenrequest bodyservices/ajax.php/imp/purgeDeletedStored XSS via crafted email content processed by Horde Groupware Webmail when purging/deleting messages, enabling injection in XSS defenses.CWE-79
viewrequest bodyservices/ajax.php/imp/purgeDeletedStored XSS via crafted email content processed by Horde Groupware Webmail when purging/deleting messages, enabling injection in XSS defenses.CWE-79
mbox_listrequest bodyservices/download/?app=imp&actionID=download_mbox&mbox_list=...&type=mboxzip&token=...&fn=/Stored XSS via exfiltrated mailbox content embedded in mail processing flow, enabling injection when the mailbox is loaded.CWE-79
tokenrequest bodyservices/download/?app=imp&actionID=download_mbox&mbox_list=...&type=mboxzip&token=...&fn=/Stored XSS via exfiltrated mailbox content embedded in mail processing flow, enabling injection when the mailbox is loaded.CWE-79
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 03:44Current
5.8Medium risk
Vulners AI Score5.8
CVSS 24.3
CVSS 3.16.1
EPSS0.04944
160