[Tickets #14926] Re: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails <= v5.2.22
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Dec 4 00:44:21 UTC 2019
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14926
------------------------------------------------------------------------------
Ticket | 14926
Updated By | Michael Rubinsky <mrubinsk at horde.org>
Summary | Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing
| Emails <= v5.2.22
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
State | Resolved
Priority | 3. High
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Michael Rubinsky <mrubinsk at horde.org> (2019-12-04 00:44) wrote:
As far as I know those are the only two issues applicable to this
ticket. I think the third was the "exploit" of being able to obtain
IMAP messages via GET requests, from a webmail application...
More information about the bugs
mailing list