From mrubinsk at horde.org Sat Feb 13 17:22:12 2021
From: mrubinsk at horde.org (Michael J Rubinsky)
Date: Sat, 13 Feb 2021 17:22:12 +0000
Subject: [announce] [SECURITY] CVE 2021-26929: XSS vulnerability in Horde_Text_Filter
Message-ID: <20210213172212.Horde.lVpHEz74MND4D8sIKAmMYeK@tarn.theupstairsroom.com>

Hello,

An XSS vulnerability has been found in the Horde_Text_Filter library. This library is utilized by the Horde webmail application (IMP) for tasks such as making hyperlinks clickable in plain text email.

This vulnerability allows an attacker to craft a malicious email that can execute arbitrary JavaScript code in the context of the webmail application. All that is required of the user is to display the malicious email.

This vulnerability has been patched in version 2.3.7 of the Horde_Text_Filter library and everybody is advised to upgrade to Horde_Text_Filter 2.3.7 as soon as possible.

This vulnerability was reported to us by Alex Birnberg.

--
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject