4 matches found
CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...
CVE-2019-12095
creationtimestamp| type| source ---|---|--- 2024-01-27 12:16:34+00:00| seen| https://t.me/ctinow/174744...
CVE-2019-12095
CVE-2019-12095 affects Horde Trean (Horde Groupware Webmail Edition up to 5.2.22 and related products). The flaw enables CSRF via the treanBookmarkTags parameter to the trean/ URI on a webmail server, with the note that treanBookmarkTags could carry a stored XSS payload. Public documents confirm ...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...