Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
References
Link | Resource |
---|---|
https://bugs.horde.org/ticket/14926 | Exploit Issue Tracking Vendor Advisory |
https://cxsecurity.com/issue/WLB-2019050199 | Exploit Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/161333 | Third Party Advisory VDB Entry |
https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html | |
https://numanozdemir.com/respdisc/horde/horde.mp4 | Exploit Third Party Advisory |
https://numanozdemir.com/respdisc/horde/horde.txt | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/46903 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-24T17:09:59
Updated: 2019-12-14T06:06:02
Reserved: 2019-05-14T00:00:00
Link: CVE-2019-12095
JSON object: View
NVD Information
Status : Modified
Published: 2019-10-24T18:15:11.297
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-12095
JSON object: View
Redhat Information
No data.