OpenCVE

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Horde	Groupware

Configuration 1 [-]

cpe:2.3:a:horde:groupware:*:*:*:*:webmail:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html
http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html
https://github.com/horde/webmail/releases
https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html
https://lists.horde.org/archives/announce/2021/001298.html
https://www.alexbirnberg.com/horde-xss.html
https://www.horde.org/apps/webmail

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-14T03:43:49

Updated: 2024-08-03T20:33:41.620Z

Reserved: 2021-02-09T00:00:00

Link: CVE-2021-26929

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-14T04:15:12.777

Modified: 2024-11-21T05:57:04.023

Link: CVE-2021-26929

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \\x00\\x00\\x00 and \\x01\\x01\\x01 interferes with XSS defenses."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-15T15:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/horde/webmail/releases"}, {"tags": ["x_refsource_MISC"], "url": "https://www.horde.org/apps/webmail"}, {"tags": ["x_refsource_MISC"], "url": "https://www.alexbirnberg.com/horde-xss.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.horde.org/archives/announce/2021/001298.html"}, {"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2564-1] php-horde-text-filter security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-26929", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \\x00\\x00\\x00 and \\x01\\x01\\x01 interferes with XSS defenses."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/horde/webmail/releases", "refsource": "MISC", "url": "https://github.com/horde/webmail/releases"}, {"name": "https://www.horde.org/apps/webmail", "refsource": "MISC", "url": "https://www.horde.org/apps/webmail"}, {"name": "https://www.alexbirnberg.com/horde-xss.html", "refsource": "MISC", "url": "https://www.alexbirnberg.com/horde-xss.html"}, {"name": "https://lists.horde.org/archives/announce/2021/001298.html", "refsource": "CONFIRM", "url": "https://lists.horde.org/archives/announce/2021/001298.html"}, {"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2564-1] php-horde-text-filter security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html"}, {"name": "http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html"}, {"name": "http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:33:41.620Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/horde/webmail/releases"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.horde.org/apps/webmail"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.alexbirnberg.com/horde-xss.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.horde.org/archives/announce/2021/001298.html"}, {"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2564-1] php-horde-text-filter security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26929", "datePublished": "2021-02-14T03:43:49", "dateReserved": "2021-02-09T00:00:00", "dateUpdated": "2024-08-03T20:33:41.620Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:webmail:*:*:*", "matchCriteriaId": "9B749CF0-3995-4FFF-BA34-35D7C889AD78", "versionEndIncluding": "5.2.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \\x00\\x00\\x00 and \\x01\\x01\\x01 interferes with XSS defenses."}, {"lang": "es", "value": "Se detect\u00f3 un problema de tipo XSS en Horde Groupware Webmail Edition versiones hasta 5.2.22 (donde es usada la biblioteca Horde_Text_Filter versiones anteriores a 2.3.7). El atacante puede enviar un mensaje de correo electr\u00f3nico de texto plano, con JavaScript codificado como un enlace o correo electr\u00f3nico que es manejado apropiadamente por la funci\u00f3n preProcess en el archivo Text2html.php, porque el uso personalizado de \\x00\\x00\\x00 y \\x01\\x01\\x01 interfiere con las defensas de XSS"}], "id": "CVE-2021-26929", "lastModified": "2024-11-21T05:57:04.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-14T04:15:12.777", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/horde/webmail/releases"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.horde.org/archives/announce/2021/001298.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.alexbirnberg.com/horde-xss.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.horde.org/apps/webmail"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162187/Webmail-Edition-5.2.22-XSS-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/162194/Horde-Groupware-Webmail-5.2.22-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/horde/webmail/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.horde.org/archives/announce/2021/001298.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.alexbirnberg.com/horde-xss.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.horde.org/apps/webmail"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}