Cross-Site Scripting Vulnerability in Horde Groupware Webmail Edition
CVE-2019-12094

6.1 MEDIUM

Key Information:

Vendor

Horde

Status
Vendor
CVE Published: 24 October 2019

Badges

Exploit Exists

What is CVE-2019-12094?

Horde Groupware Webmail Edition is susceptible to cross-site scripting (XSS) attacks, which can be exploited through specific endpoints such as 'admin/user.php?form=update_f&user_name=', 'admin/user.php?form=remove_f&user_name=', and 'admin/config/diff.php?app='. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access and data manipulation. Users and administrators should take immediate action to mitigate these risks.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
