cve/CVE-2021-26929.md at 8f32eec229df5ac6033987f6cf2822bfcb07c2e0

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.

POC

Reference

http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html
http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html

Github

https://github.com/2lambda123/CVE-mitre
https://github.com/2lambda123/Windows10Exploits
https://github.com/ARPSyndicate/cvemon
https://github.com/Offensive-Penetration-Security/OPSEC-Hall-of-fame
https://github.com/nu11secur1ty/CVE-mitre
https://github.com/nu11secur1ty/CVE-nu11secur1ty
https://github.com/nu11secur1ty/Windows10Exploits

1.3 KiB Raw Blame History

CVE-2021-26929

Description

POC

Reference

Github

1.3 KiB

Raw Blame History