[announce] [SECURITY] CVE 2021-26929: XSS vulnerability in Horde_Text_Filter
Michael J Rubinsky
mrubinsk at horde.org
Sat Feb 13 17:22:12 UTC 2021
Hello,
An XSS vulnerability has been found in the Horde_Text_Filter library.
This library is utilized by the Horde webmail application (IMP) for
tasks such as making hyperlinks clickable in plain text email. This
vulnerability allows an attacker to craft a malicious email that can
execute arbitrary JavaScript code in the context of the webmail
application. All that is required of the user is to display
the malicious email.
This vulnerability has been patched in version 2.3.7 of the
Horde_Text_Filter library and everybody is advised to upgrade to
Horde_Text_Filter 2.3.7 as soon as possible.
This vulnerability was reported to us by Alex
Birnberg <birnbergalex at gmail.com>.
--
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
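
One way to check a deployment against the fixed version named above (an added example, not part of the original announcement or the Horde code base). It assumes the Composer package name horde/text_filter and a "Package Version State" column layout for PEAR list output; both sample inputs are constructed.

```python
import json
import re

FIXED = (2, 3, 7)  # first patched release, per the advisory
# Assumption: Composer package name; the PEAR name is the library name itself.
NAMES = {"horde/text_filter", "horde_text_filter"}

def is_patched(version):
    """True only for a final release at or above FIXED; unknown strings fail closed."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        return False  # e.g. "dev-master": cannot be proven patched
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad "2.3" to (2, 3, 0)
    if nums == FIXED and m.group(2):
        return False  # pre-release of the fixed version (alpha/beta/RC)
    return nums >= FIXED

def versions_from_composer_lock(lock_text):
    """Collect installed versions of the library from composer.lock content."""
    data = json.loads(lock_text)
    pkgs = data.get("packages", []) + data.get("packages-dev", [])
    return [p["version"] for p in pkgs if p.get("name", "").lower() in NAMES]

def versions_from_pear_list(output):
    """Collect installed versions from 'Package Version State' style lines."""
    found = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) >= 2 and cols[0].lower() in NAMES:
            found.append(cols[1])
    return found

def audit(versions):
    """Map each found version to 'ok' or 'UPGRADE'."""
    return {v: ("ok" if is_patched(v) else "UPGRADE") for v in versions}

# Constructed sample inputs (not taken from a real system).
COMPOSER_LOCK = json.dumps({"packages": [
    {"name": "horde/text_filter", "version": "2.3.6"},
    {"name": "example/other", "version": "1.0.0"}], "packages-dev": []})
PEAR_LIST = """Package           Version State
Horde_Text_Filter 2.3.7   stable
Example_Package   1.0.0   stable"""

if __name__ == "__main__":
    found = versions_from_composer_lock(COMPOSER_LOCK) + versions_from_pear_list(PEAR_LIST)
    for version, status in audit(found).items():
        print(f"Horde_Text_Filter {version}: {status}")
```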