VDB

CVE-2021-26929

CVE-2021-26929 PUBLISHED

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.

EPSS 1.52% · 81.6th percentile

Risk Scores

EPSS Score
1.52%
81.6th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSphp-horde-text-filter0, 2.3.5-1, 2.3.5-1ubuntu1
Ubuntu:16.04:LTSphp-horde-text-filter0, 2.3.2-1, 2.3.2-2

Exploit Intelligence

…and 2 more exploits

Timeline

  • Feb 14, 2021 CVE Published
  • Apr 14, 2021 PoC Published
  • Apr 14, 2021 EPSS Score
  • Apr 15, 2021 PoC Published
  • Apr 16, 2021 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 15, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Aug 3, 2024 CVE Updated
  • Nov 1, 2024 EPSS Score
  • Nov 14, 2024 PoC Published
  • Dec 17, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›