CVE-2021-26929
MEDIUM
Horde Groupware Webmail < 5.2.22 - Cross-Site Scripting via Text2html.php PreProcess
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-26929. PoCs published by nu11secur1ty.
AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Horde Groupware Webmail 5.2.22 by crafting a malicious email with a JavaScript payload that exfiltrates emails from the victim's mailbox via a callback server. The exploit uses SMTP to send the email and a Flask server to receive stolen data.
Description
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
Exploits (1)
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N