163 matches found
CVE-2021-26929
CVE-2021-26929 affects Horde Groupware Webmail Edition up to 5.2.22 (Horde_Text_Filter before 2.3.7). The vulnerability is an XSS in which a attacker can send a plain text email containing JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, due to bespoke use ...
CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...
Horde Groupware Webmail 跨站脚本漏洞
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A cross-site scripting vulnerability exists in Horde Groupware Webmail Edition, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...
(0Day) Horde Groupware Webmail Edition Nag display_tasklists Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the displaytasklists parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Flags msgflags Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Flags.php. When parsing the msgflags parameter, the process does not properl...
(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the synccalendars parameter, the process does not...
(0Day) Horde Groupware Webmail Edition prefs sync_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the syncnotepads parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Nag display_tasklists Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the displaytasklists parameter, the process does not...
(0Day) Horde Groupware Webmail Edition attendees fb_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within attendees.php. When parsing the fbcals parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Nag show_external Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Nag.php. When parsing the showexternal parameter, the process does not...
(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the synccalendars parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Mnemo display_notepads Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Mnemo.php. When parsing the displaynotepads parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Kronolith remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Kronolith.php. When parsing the remotecals parameter, the process does not...
(0Day) Horde Groupware Webmail Edition remote_edit remote_cals Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within remoteedit.php. When parsing the remotecals parameter, the process does not...
(0Day) Horde Groupware Webmail Edition Collection portal_layout Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Collection.php. When parsing the portallayout parameter, the process does no...
Horde Groupware Webmail Cross-Site Scripting Vulnerability (CNVD-2020-33657)
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A cross-site scripting vulnerability exists in the image viewing feature in Horde Groupware Webmail Edition prior to 5.2.22, which can be exploited to gain access to a user's Webmail account via a...
Horde Gollem Cross-Site Scripting Vulnerability
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. Gollem is a file manager used in it. A cross-site scripting vulnerability exists in Horde Gollem versions prior to 3.0.13 used in Horde Groupware Webmail Edition version 5.2.22 and other products,...
CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...
UBUNTU-CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...
CVE-2020-8035
Affected software: Horde Groupware Webmail Edition. Vulnerability: stored XSS via SVG image uploads, enabling a remote attacker to obtain access to a victim’s webmail account. Affected versions are Horde Groupware Webmail Edition prior to 5.2.22. Risk details are stated in the connected documents...