Exploit for #VU50773 Cross-site scripting in Groupware Webmail Edition and Horde_Text

Exploit for #VU50773 Cross-site scripting in Groupware Webmail Edition and Horde_Text_Filter

Published: 2021-04-16 | Updated: 2021-06-17

Vulnerability identifier: #VU50773

Vulnerability risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-26929

CWE-ID: CWE-79

Exploitation vector: Network

Exploits in database: 3

June 17, 2021
- Horde Groupware Webmail 5.2.22 - Stored XSS [Exploit-DB]
April 16, 2021
- Horde Groupware Webmail 5.2.22 Cross Site Scripting [Packet Storm]
- Webmail Edition 5.2.22 XSS / Remote Code Execution [Packet Storm]

Impact: Information disclosure and data manipulation

Vulnerable software:
Groupware Webmail Edition
Web applications / Webmail solutions
Horde_Text_Filter
Universal components / Libraries / Libraries used by multiple products

Vendor: Horde Project