dev.horde.org
6/19/25
Comment on [#14926] Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails <= v5.2.22
> The original report included the following:
>
>> # Attacker can combine "CSRF vulnerability in Trean Bookmarks
>> (defaultly installed on Horde Groupware)" and
>> # "Stored XSS vulnerability in Horde TagCloud (defaultly installed)"
>> vulnerabilities to steal victim's emails.
>>
>> # Also:
>> # Attacker can use 3 different reflected XSS vulnerability to
>> exploit Remote Command Execution, SQL Injection and Code Execution.
>
> I am working on updating the Horde packages in Debian LTS, also
> coordinating with the security team for an update to Debian stable,
> and so some clarification would help.
>
> It is clear that the TagCloud XSS (CVE-2019-12094) was fixed and the
> associated commit was easy to find and applied cleanly to the Horde
> package in Debian. It is also clear that the CSRF (CVE-2019-12095)
> has been deemed minor and not worth fixing. However, it is not clear
> that the "3 different reflected XSS vulnerability" have been
> addressed. Is there an additional vulnerability there beyond those
> two which received CVE assignments? Answering this would help ensure
> that we properly track the state of Horde in Debian.