CVE-2013-6364
HIGHHorde Groupware Webmail Edition - Cross-Site Request Forgery and Cross-Site Scripting in Saved Search
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-6364. PoCs published by Marcela Benetrix.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Horde Groupware Webmail Edition 5.1.2, allowing an attacker to manipulate address book permissions via a crafted HTML form. The PoC includes a form that submits malicious requests to the target application without requiring user interaction beyond clicking a button.
Description
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Exploits (1)
This exploit demonstrates a CSRF vulnerability in Horde Groupware Webmail Edition 5.1.2, allowing an attacker to manipulate address book permissions via a crafted HTML form. The PoC includes a form that submits malicious requests to the target application without requiring user interaction beyond clicking a button.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H