Описание
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server.
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-12095
- https://bugs.horde.org/ticket/14926
- https://cxsecurity.com/issue/WLB-2019050199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/161333
- https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html
- https://numanozdemir.com/respdisc/horde/horde.mp4
- https://numanozdemir.com/respdisc/horde/horde.txt
- https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html
- https://www.exploit-db.com/exploits/46903
EPSS
CVE ID
Связанные уязвимости
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...
EPSS