Lucene search
+L

11 matches found

Packet Storm
Packet Storm
added 2021/04/15 12:0 a.m.526 views

Horde Groupware Webmail 5.2.22 Cross Site Scripting

Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS Author: Alex Birnberg Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty Date: 04.14.2021 Vendor: https://www.horde.org/apps/webmail Link: https://github.com/horde/webmail/releases CVE: CVE-2021-26929 + Exploit Source:...

4.3CVSS6.2AI score0.04944EPSS
Exploits7
0day.today
0day.today
added 2021/04/14 12:0 a.m.80 views

Horde Groupware Webmail Edition 5.2.22 XSS / Remote Code Execution Exploit

Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. Exploit Title: Remote code execution XSS HordeTextFilter library Webmail Edition through 5.2.22 Author: Alex Birnberg Testing and Debugging: Ventsislav...

6.1CVSS0.04944EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/04/14 12:0 a.m.505 views

Webmail Edition 5.2.22 XSS / Remote Code Execution

Exploit Title: Remote code execution XSS HordeTextFilter library Webmail Edition through 5.2.22 Author: Alex Birnberg Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty System Administrator - Infrastructure Engineer Date: 04.14.2021 Vendor: webmail Link:...

4.3CVSS6.2AI score0.04944EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2021/02/25 12:0 a.m.21 views

Fedora 32 : php-horde-Horde-Text-Filter (2021-cbfa969c98)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-cbfa969c98 advisory. - HordeTextFilter 2.3.7 mjr SECURITY: Fix XSS via Text2Html filter Reported by: Alex Birnberg, CVE 2021-26929 FEDORA-2021-cbfa969c98 Note that Nessus has not...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/02/25 12:0 a.m.15 views

Fedora 33 : php-horde-Horde-Text-Filter (2021-f8368da9af)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-f8368da9af advisory. - HordeTextFilter 2.3.7 mjr SECURITY: Fix XSS via Text2Html filter Reported by: Alex Birnberg, CVE 2021-26929 FEDORA-2021-f8368da9af Note that Nessus has not...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/02/22 12:0 a.m.32 views

Debian DLA-2564-1 : php-horde-text-filter security update

Alex Birnberg discovered a cross-site scripting XSS vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail. CVE-2021-26929 An XSS issue was discovered in Horde Groupware Webmail Edition...

6.1CVSS5.6AI score0.04944EPSS
Exploits7References4
Debian
Debian
added 2021/02/19 6:50 a.m.93 views

[SECURITY] [DLA 2564-1] php-horde-text-filter security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2564-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler February 18, 2021 https://wiki.debian.org/LTS -...

6.1CVSS6.1AI score0.04944EPSS
Exploits7
Circl
Circl
added 2021/02/14 7:45 a.m.45 views

CVE-2021-26929

creationtimestamp| type| source ---|---|--- 2021-02-14 07:45:11+00:00| seen| https://t.me/cibsecurity/23577 2021-09-21 06:42:48+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/171 2024-11-14 06:08:50+00:00| seen| MISP/0d1db1c1-c9b1-4ec2-8b8b-30e6fc132a61...

6.1CVSS6AI score0.04944EPSS
Exploits7References2
NVD
NVD
added 2021/02/14 4:15 a.m.16 views

CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...

6.1CVSS0.04944EPSS
Exploits7References7
Debian CVE
Debian CVE
added 2021/02/14 3:43 a.m.31 views

CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...

6.1CVSS6.2AI score0.04944EPSS
Exploits7
CVE
CVE
added 2021/02/14 3:43 a.m.166 views

CVE-2021-26929

CVE-2021-26929 affects Horde Groupware Webmail Edition up to 5.2.22 (Horde_Text_Filter before 2.3.7). The vulnerability is an XSS in which a attacker can send a plain text email containing JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, due to bespoke use ...

6.1CVSS5.8AI score0.04944EPSS
Exploits7References7Affected Software1
Rows per page
Query Builder