CVE-2021-26929
Published: 14 February 2021
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
Priority
Status
Package | Release | Status |
---|---|---|
php-horde-text-filter Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
bionic |
Needed
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.3.7)
|
|
xenial |
Needed
|
|
mantic |
Does not exist
|
|
Patches: upstream: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26929
- https://lists.horde.org/archives/announce/2021/001298.html
- https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master)
- https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7)
- https://www.alexbirnberg.com/horde-xss.html
- https://github.com/horde/webmail/releases
- https://www.horde.org/apps/webmail
- NVD
- Launchpad
- Debian