Cross-Site Scripting Vulnerability in Horde Groupware Webmail Edition
CVE-2019-12094
6.1MEDIUM
Key Information:
Badges
๐พ Exploit Exists
What is CVE-2019-12094?
The Horde Groupware Webmail Edition is susceptible to cross-site scripting (XSS) attacks, which can be exploited through specific endpoints such as 'admin/user.php?form=update_f&user_name=', 'admin/user.php?form=remove_f&user_name=', and 'admin/config/diff.php?app='. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access and data manipulation. It is crucial for users and administrators to take immediate action to mitigate these risks.
