CVE-2021-26929

2021-02-1404:15:12

Debian Security Bug Tracker

security-tracker.debian.org

horde groupware webmail

xss issue

text2html.php

javascript

preprocess

mishandled

cve-2021-26929

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.022

Percentile

89.4%

JSON

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.

OSVersionArchitecturePackageVersionFilename
Debian12allphp-horde-text-filter< 2.3.7-1php-horde-text-filter_2.3.7-1_all.deb
Debian11allphp-horde-text-filter< 2.3.7-1php-horde-text-filter_2.3.7-1_all.deb
Debian999allphp-horde-text-filter< 2.3.7-1php-horde-text-filter_2.3.7-1_all.deb
Debian13allphp-horde-text-filter< 2.3.7-1php-horde-text-filter_2.3.7-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	php-horde-text-filter	< 2.3.7-1	php-horde-text-filter_2.3.7-1_all.deb
Debian	11	all	php-horde-text-filter	< 2.3.7-1	php-horde-text-filter_2.3.7-1_all.deb
Debian	999	all	php-horde-text-filter	< 2.3.7-1	php-horde-text-filter_2.3.7-1_all.deb
Debian	13	all	php-horde-text-filter	< 2.3.7-1	php-horde-text-filter_2.3.7-1_all.deb