CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
References
Link Resource
https://numanozdemir.com/respdisc/horde/horde.mp4 Exploit Third Party Advisory
https://www.exploit-db.com/exploits/46903 Exploit Third Party Advisory VDB Entry
https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html Exploit Third Party Advisory VDB Entry
https://numanozdemir.com/respdisc/horde/horde.txt Exploit Third Party Advisory
https://cxsecurity.com/issue/WLB-2019050199 Exploit Third Party Advisory
https://bugs.horde.org/ticket/14926 Exploit Issue Tracking Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:horde:groupware:*:*:*:*:webmail:*:*:*

Information

Published : 2019-10-24 10:15

Updated : 2019-12-03 09:15


NVD link : CVE-2019-12094

Mitre link : CVE-2019-12094


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

horde

  • groupware