[announce] [SECURITY] CVE 2021-26929: XSS vulnerability in Horde_Text_Filter

Michael J Rubinsky mrubinsk at horde.org
Sat Feb 13 17:22:12 UTC 2021


Hello,

An XSS vulnerability has been found in the Horde_Text_Filter library.  
This library is utilized by the Horde webmail application (IMP) for  
tasks such as making hyperlinks clickable in plain text email. This  
vulnerability leads to the ability of an attacker to craft a malicious  
email that can execute arbitrary JavaScript code in the context of the  
webmail application. All that is required of the user is to display  
the malicious email.

This vulnerability has been patched in version 2.3.7 of the  
Horde_Text_Filter library and everybody is advised to upgrade to  
Horde_Text_Filter 2.3.7 as soon as possible.

This vulnerability was reported to us by Alex  
Birnberg <birnbergalex at gmail.com>.




-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject